Biometric authentication using a smart ring

ABSTRACT

Systems and methods for performing biometric authentication using a smart ring are disclosed. An exemplary method includes collecting biometric data using sensors of a smart ring while a user is wearing the smart ring, wherein the biometric data includes a heartbeat pattern. The method further includes performing an authentication operation by (i) comparing the collected biometric data to a biometric signature for a known user to determine whether the biometric data matches the biometric signature, and (ii) when the biometric data matches the biometric signature, authenticating the user by updating a record to indicate that the user has been identified and authenticated as the known user. The method also includes, when the record indicates that the user has been identified and authenticated, digitally signing transaction data using a private cryptographic key stored on a memory of the smart ring.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims priority to U.S. Provisional Patent ApplicationNo. 62/877,391, filed Jul. 23, 2019, and U.S. Provisional PatentApplication No. 62/980,722, filed Feb. 24, 2020, both incorporated byreference herein for all purposes.

FIELD OF THE DISCLOSURE

The present disclosure generally relates to implementations of smartring wearable devices and, more particularly, to authenticationtechniques using smart ring wearable devices.

BACKGROUND

To obtain authorization to access digital and physical resources, aperson generally must provide a security system with an identity. Thesecurity system also typically needs some form of authentication fromthe person in order to ensure that the person actually matches theirprofessed identity. Three common forms of authentication include:something the person knows (e.g., a password), something the person has(e.g., a key, card, or token generator), or something the person is(e.g., biometrics such as a fingerprint). These forms of authenticationcan be combined to enable multi-factor authentication.

Conventional security devices used to facilitate authentication, such askeys, cards, and smartphones, can easily be stolen or misplaced. On theother hand, more permanent solutions such as chip implants and tattoosare invasive and hard to upgrade and/or replace. Further, often thesedevices only support one form of authentication and their capabilitiesare not flexible enough to accommodate different combinations ofmulti-factor authentication.

As one example, hardware wallets have been introduced to store andgenerate keys used to authenticate a person wishing to completecryptographic operations. These hardware wallets are generally in theform of a Universal Serial Bus (USB) device or smart card. Theseconventional devices are easy to lose or misplace. Furthermore, theseconventional devices cannot take advantage of many forms ofauthentication, such as certain biometric signatures and gesturepatterns that a device such as a smart card would not be able tomeasure.

BRIEF SUMMARY

The authentication techniques and devices described below address manyproblems with conventional security devices and techniques. Thedescribed authentication techniques utilize a smart ring as anauthentication device that is portable, easy to keep on the person, andable to support a wider variety of authentication forms. The smart ringcan easily and inconspicuously be worn by a person wherever they go.Moreover, the smart ring can support many individual authenticationforms and combinations of authentication forms that conventionalsecurity devices cannot. Because the smart ring is worn on a person'shand, the smart ring can capture a variety of biometric data, subtlegestures, and proximity effects with other devices such as other rings.The person can move and perform gestures freely, without needing tocarry a separate authentication device.

This summary is provided to introduce a selection of concepts that arefurther described below in the detailed description. Certain embodimentsmay include features and advantages not described in this summary.Further, certain embodiments may omit one or more (or all) of thefeatures and advantages described in this summary.

One example embodiment is a method performed by a smart ring includingcollecting, by one or more sensors of the smart ring, biometric data ofa particular user while the particular user is wearing the smart ring.The biometric data may include a heartbeat pattern of the particularuser. The method further includes performing an authentication operationby: (i) comparing the biometric data to a biometric signature for aknown user to determine whether the biometric data matches the biometricsignature and (ii) when the biometric data matches the biometricsignature, authenticating the particular user by updating a record toindicate that the particular user has been identified and authenticatedas the known user. Moreover, the method includes, when the recordindicates that the particular user has been identified andauthenticated, responding to said authenticating by digitally signingtransaction data using a private cryptographic key stored on a memory ofthe smart ring.

An additional embodiment is a smart ring comprising a housing configuredto be worn by a user on a finger of the user, one or more sensors, amemory, and a processor. The one or more sensors may be configured tocollect biometric data of a particular user while the particular user iswearing the smart ring. The biometric data may include a heartbeatpattern of the particular user. Further, the processor may be configuredto perform an authentication operation by: (i) comparing the biometricdata to a biometric signature for a known user to determine whether thebiometric data matches the biometric signature, and (ii) when thebiometric data matches the biometric signature, authenticating theparticular user by updating a record to indicate that the particularuser has been identified and authenticated as the known user. Theprocessor may also be configured to, when the record indicates that theparticular user has been identified and authenticated, respond to saidauthenticating by digitally signing transaction data using a privatecryptographic key stored on the memory of the smart ring.

Depending upon the embodiment, one or more benefits may be achieved.These benefits and various additional objects, features and advantagesof the present disclosure can be fully appreciated with reference to thedetailed description and accompanying drawings that follow.

BRIEF DESCRIPTION OF THE DRAWINGS

Each of the figures described below depicts one or more aspects of thedisclosed system(s) and/or method(s), according to an embodiment.Wherever possible, the detailed description refers to the referencenumerals included in the following figures.

FIG. 1 illustrates a system comprising a smart ring and a block diagramof smart ring components according to some embodiments.

FIG. 2 illustrates a number of different form factor types of a smartring according to some embodiments.

FIG. 3 illustrates examples of different smart ring form factors.

FIG. 4 illustrates an environment within which a smart ring may operateaccording to some embodiments.

FIG. 5 illustrates an example method for identifying and authenticatinga user using biometric data collected by a smart ring according to oneembodiment.

FIG. 6A and FIG. 6B illustrate an example method for performingmulti-factor authentication using a smart ring according to oneembodiment.

FIG. 7 illustrates an example method for identifying and authenticatinga user using contact data collected by a smart ring indicating asequence of taps of the smart ring according to one embodiment.

DETAILED DESCRIPTION

FIG. 1 illustrates a system 100 comprising (i) a smart ring 101including a set of components 102 and (ii) one or more devices orsystems that may be electrically, mechanically, or communicativelyconnected to the smart ring 101. Specifically, the system 100 maycomprise any one or more of: a charger 103 for the smart ring 101, auser device 104, a network 105, a mobile device 106, or a server 107.The charger 103 may provide energy to the smart ring 101 by way of adirect electrical, a wireless, or an optical connection. The smart ring101 may be in a direct communicative connection with the user device104, the mobile device 106, or the server 107 by way of the network 105.Interactions between the smart ring 101 and other components of thesystem 100 are discussed in more detail in the context of FIG. 4 .

The smart ring 101 may sense a variety of signals indicative ofactivities of a user wearing the ring 101, biometric signals, aphysiological state of the user, or signals indicative of the user'senvironment. The smart ring 101 may analyze the sensed signals usingbuilt-in computing capabilities or in cooperation with other computingdevices (e.g., user device 104, mobile device 106, server 107) andprovide feedback to the user or about the user via the smart ring 101 orother devices (e.g., user device 104, mobile device 106, server 107). Byanalyzing the sensed signals (e.g., representing sensed biometricinformation such as a heart rate signature or pattern, sensed motioninformation corresponding to gestures, and sensed proximity or contactinformation), the smart ring 101 (possibly in cooperation with othercomputing devices) may identify and authenticate a wearer of the smartring 101 as a particular known user. In response to authenticating awearer as a known user, the smart ring 101 may grant access to resourcesand/or perform certain operations, including cryptographic operations,to be discussed more in detail in the context of FIG. 5 , FIG. 6A, FIG.6B, and FIG. 7 . Additionally or alternatively, the smart ring 101 mayprovide the user with notifications sent by other devices, enable secureaccess to locations or information, or a variety of other applicationspertaining to health, wellness, productivity, or entertainment.

The server 107 may include one processor 108 and at least onenon-transitory computer-readable memory 109 storing instructionsexecutable on the processor 108. The server 107 may be an authenticationserver that supports the smart ring 101's authenticationfunctionalities. For example, the server 107 can store data pertainingto identified users (e.g., wearers) of the smart ring 101. The server107 may perform data analysis to identify and authenticate users of thesmart ring 101 and/or perform operations relating to authentication, asdescribed in further detail with respect to FIG. 5 , FIG. 6A, FIG. 6B,and FIG. 7 . While not depicted as such in FIG. 1 , it is understoodthat the server 107 may be one of several servers. Further, the server107 may be implemented as part of a cloud computing service, or may be anode of a decentralized blockchain.

The smart ring 101, which may be referred to herein as the ring 101, maycomprise a variety of mechanical, electrical, optical, or any othersuitable subsystems, devices, components, or parts disposed within, at,throughout, or in mechanical connection to a housing 110 (which may bering shaped and generally configured to be worn on a finger).Additionally, a set of interface components 112 a and 112 b may bedisposed at the housing, and, in particular, through the surface of thehousing. The interface components 112 a and 112 b may provide a physicalaccess (e.g., electrical, fluidic, mechanical, or optical) to thecomponents disposed within the housing. The interface components 112 aand 112 b may exemplify surface elements disposed at the housing. Asdiscussed below, some of the surface elements of the housing may also beparts of the smart ring components.

As shown in FIG. 1 , the components 102 of the smart ring 101 may bedistributed within, throughout, or on the housing 110. As discussed inthe contexts of FIG. 2 and FIG. 3 below, the housing 110 may beconfigured in a variety of ways and include multiple parts. The smartring components 102 may, for example, be distributed among the differentparts of the housing 110, as described below, and may include surfaceelements of the housing 110. The housing 110 may include mechanical,electrical, optical, or any other suitable subsystems, devices,components, or parts disposed within or in mechanical connection to thehousing 110, including a battery 120, a charging unit 130, a controller140, a sensor unit 150 comprising one or more sensors, a communicationsunit 160, a one or more user input devices 170, or a one or more outputdevices 190. Each of the components 120, 130, 140, 150, 160, 170, and/or190 may include one or more associated circuits, as well as packagingelements. The components 120, 130, 140, 150, 160, 170, and/or 190 may beelectrically or communicatively connected with each other (e.g., via oneor more busses or links, power lines, etc.), and may cooperate to enable“smart” functionality described within this disclosure.

The battery 120 may supply energy or power to the controller 140, thesensors 150, the communications unit 160, the user input devices 170, orthe output devices 190. In some scenarios or implementations, thebattery 120 may supply energy or power to the charging unit 130. Thecharging unit 130, may supply energy or power to the battery 120. Insome implementations, the charging unit 130 may supply (e.g., from thecharger 103, or harvested from other sources) energy or power to thecontroller 140, the sensors 150, the communications unit 160, the userinput devices 170, or the output devices 190. In a charging mode ofoperation of the smart ring 101, the average power supplied by thecharging unit 130 to the battery 120 may exceed the average powersupplied by the battery 120 to the charging unit 130, resulting in a nettransfer of energy from the charging unit 130 to the battery 120. In anon-charging mode of operation, the charging unit 130 may, on average,draw energy from the battery 120.

The battery 120 may include one or more cells that convert chemical,thermal, nuclear or another suitable form of energy into electricalenergy to power other components or subsystems 140, 150, 160, 170,and/or 190 of the smart ring 101. The battery 120 may include one ormore alkaline, lithium, lithium-ion and or other suitable cells. Thebattery 120 may include two terminals that, in operation, maintain asubstantially fixed voltage of 1.5, 3, 4.5, 6, 9, 12 V or any othersuitable terminal voltage between them. When fully charged, the battery120 may be capable of delivering to power-sinking components an amountof charge, referred to herein as “full charge,” without recharging. Thefull charge of the battery may be 1, 2, 5, 10, 20, 50, 100, 200, 500,1000, 2000, 5000, 10000, 20000 mAh or any other suitable charge that canbe delivered to one or more power-consuming loads as electrical current.

The battery 120 may include a charge-storage device, such as, forexample a capacitor or a super-capacitor. In some implementationsdiscussed below, the battery 120 may be entirely composed of one or morecapacitive or charge-storage elements. The charge storage device may becapable of delivering higher currents than the energy-conversion cellsincluded in the battery 120. Furthermore, the charge storage device maymaintain voltage available to the components or subsystems 130-190 whenone or more cells of the battery 120 are removed to be subsequentlyreplaced by other cells.

The charging unit 130 may be configured to replenish the charge suppliedby the battery 120 to power-sinking components or subsystems (e.g., oneor more of subsystems 130-190) or, more specifically, by theirassociated circuits. To replenish the battery charge, the charging unit130 may convert one form of electrical energy into another form ofelectrical energy. More specifically, the charging unit 130 may convertalternating current (AC) to direct current (DC), may perform frequencyconversions of current or voltage waveforms, or may convert energystored in static electric fields or static magnetic fields into directcurrent. Additionally or alternatively, the charging unit 130 mayharvest energy from radiating or evanescent electromagnetic fields(including optical radiation) and convert it into the charge stored inthe battery 120. Furthermore, the charging unit 130 may convertnon-electrical energy into electrical energy. For example, the chargingunit 130 may harvest energy from motion, or from thermal gradients.

The controller 140 may include a processor unit 142 and a memory unit144. The processor unit 142 may include one or more processors, such asa microprocessor (μP), a digital signal processor (DSP), a centralprocessing unit (CPU), a graphical processing unit (GPU), afield-programmable gate array (FPGA), an application-specific integratedcircuit (ASIC), or any other suitable electronic processing components.Additionally or alternatively, the processor unit 142 may includephotonic processing components.

The memory unit 144 may include one or more computer memory devices orcomponents, such as one or more registers, RAM, ROM, EEPROM, or on-boardflash memory. The memory unit 144 may use magnetic, optical, electronic,spintronic, or any other suitable storage technology. In someimplementations, at least some of the functionality the memory unit 144may be integrated in an ASIC or and FPGA. Furthermore, the memory unit144 may be integrated into the same chip as the processor unit 142 andthe chip, in some implementations, may be an ASIC or an FPGA.

The memory unit 144 may store a smart ring (SR) routine 146 with a setof instructions, that, when executed by the processor 142 may enable theoperation and the functionality described in more detail below.Furthermore, the memory unit 144 may store smart ring (SR) data 148,which may include (i) input data used by one or more of the components102 (e.g., by the controller when implementing the SR routine 146) or(ii) output data generated by one or more of the components 102 (e.g.,the controller 140, the sensor unit 150, the communication unit 160, orthe user input unit 170). In some implementations, other units,components, or devices may generate data (e.g., diagnostic data) forstoring in the memory unit 144.

For example, the memory unit 144 may store sensor data collected by thesensor unit 150. The processor unit 142 may compare sensor datacollected at a particular time (e.g., a current heart pattern) to sensordata collected at a previous time (e.g., a previously collected heartpattern or signature) in order to perform various functions. In someimplementations, the processor unit 142 may compare sensor data topreviously stored sensor data relating to a particular user in order toidentify and authenticate the user. In response to authenticating theuser, the smart ring 101 may grant the user security access to a digitalor physical resource or communicate with another device controllingaccess to the resource, as discussed in further detail with respect toFIG. 6A, FIG. 6B, and FIG. 7 . In some implementations, in response toauthenticating the user, the smart ring 101 may perform a cryptographicoperation, as discussed in further detail with respect to FIG. 5 .

The processing unit 142 may draw power from the battery 120 (or directlyfrom the charging unit 130) to read from the memory unit 144 and toexecute instructions contained in the smart ring routine 146. Likewise,the memory unit 144 may draw power from the battery 120 (or directlyfrom the charging unit 130) to maintain the stored data or to enablereading or writing data into the memory unit 144. The processor unit142, the memory unit 144, or the controller 140 as a whole may becapable of operating in one or more low-power mode. One such low powermode may maintain the machine state of the controller 140 when less thana threshold power is available from the battery 120 or during a chargingoperation in which one or more battery cells are exchanged.

The controller 140 may receive and process data from the sensors 150,the communications unit 160, or the user input devices 170. Thecontroller 140 may perform computations to generate new data, signals,or information. The controller 140 may send data from the memory unit144 or the generated data to the communication unit 160 or the outputdevices 190. The electrical signals or waveforms generated by thecontroller 140 may include digital or analog signals or waveforms. Thecontroller 140 may include electrical or electronic circuits fordetecting, transforming (e.g., linearly or non-linearly filtering,amplifying, attenuating), or converting (e.g., digital to analog, analogto digital, rectifying, changing frequency) of analog or digitalelectrical signals or waveforms.

The sensor unit 150 may include one or more sensors disposed within orthroughout the housing 110 of the ring 101. Each of the one or moresensors may transduce one or more of: light, sound, acceleration,translational or rotational movement, strain, temperature, chemicalcomposition, surface conductivity or other suitable signals intoelectrical or electronic sensors or signals. A sensor may be acoustic,photonic, micro-electro-mechanical systems (MEMS) sensors, chemical,micro-fluidic (e.g., flow sensor), or any other suitable type of sensor.

The sensors included in the sensor unit 150 may be configured to collectbiometric data indicative of biometric signatures unique to anindividual user (e.g., wearer) of the ring. For example, the sensor unit150 may include a heart rate sensor capable of measuring a user's heartrate. More particularly, the heart rate sensor can measure theelectrical activity of the heart by recording an electrocardiogram(ECG), for example. The heart rate sensor may be comprised of one ormore electrodes. The collected ECG pattern can be used to identify andauthenticate a user because ECG patterns are unique to individuals.Additionally or alternatively, the sensor unit 150 may include othersensors, such as vibration sensors and accelerometers, capable ofmeasuring heart beat signatures. For example, vibration sensors candetect blood flow patterns and/or chest movement patterns which may beindicative of a particular user. The user may need to hold the smartring 101 against another body part, such as their chest or anotherhand/finger in order for the sensor unit 150 to collect the biometricdata.

In some implementations, the sensor unit 150 may include sensors such asaccelerometers, gyroscopes, magnetometers, and/or IMUs configured todetect a user's walking gait. As individuals walk, the movements oftheir body generally correspond to a signature pattern unique to eachindividual. The sensor unit 150 of the smart ring 101 can collect motionand orientation data, and may determine the particular pattern ofmovements that corresponds to the gait of an individual wearer.Subsequently, this collected data may be compared to one or moreverified signatures unique to one or more people in order to identify asignature corresponding to the collected data (and to thereby identify aunique identity corresponding to the collected data).

The sensor unit 150 may collect other biometric data that may beindicative of a user. For example, the sensor unit 150 may include aniris scanner that can collect images of a user's eyes. The smart ring101 may analyze the images to perform iris recognition to identify auser. As another example, the sensor unit 150 may include a fingerprintscanner that can collect fingerprint data unique to a user. Stillfurther, the sensor unit 150 may include acoustic sensors that cancollect sound data, such as a user's voice. The user may speak apassword or pass phrase that the smart ring 101 can identify.Additionally or alternatively, the smart ring 101 may perform voicerecognition analysis to identify a user. For example, the smart ring 101may analyze voice parameters, such as pitch, tone, and cadence, toidentify the acoustic pattern of the speech.

Further, the sensors included in the sensor unit 150 may be configuredto collect data indicative of ring movement while a user is wearing thesmart ring 101. For example, the sensor unit 150 may include sensorssuch as accelerometers, gyroscopes, magnetometers, and/or inertialmotion units (IMUs) configured to detect motion and orientation of thesmart ring 101. The sensors can detect combinations of motions thatcorrespond to gestures and patterns of movement made by a wearer of thesmart ring 101. The sensor unit 150 can be equipped with a timer orclock such that detected movements are accompanied by a time stamp. Thesmart ring 101 can determine, based at least in part upon the closenessin time of detected motions, that a series of detected movementscorrespond to a gestural pattern. For example, the sensor unit 150 candetect motion corresponding to gestures such as handshakes, fist bumps,knocks, waves, thumbs-up, pointing, and any other hand motions orsignals.

The sensors in the sensor unit 150 may include tactile sensors that candetect when the smart ring 101, or when a portion of the smart ring 101housing including the tactile sensor, comes into contact with anotherobject or device. Examples of tactile sensors include piezoresistive,piezoelectric, capacitive, and elastoresistive sensors. For instance,the tactile sensors may be pressure sensors or strain sensors that candetect when force is applied to the tactile sensor. Similar to how thesmart ring 101 can determine, based at least in part upon the closenessin time of detected motions, that a series of detected motioncorresponds to a gestural pattern, the smart ring 101 can alsodetermine, based at least in part upon the closeness in time of detectedcontact, that the contact corresponds to a pattern. For example, thesmart ring 101 may detect a sequence of taps (e.g., physical contactbetween the ring and an object or device) and determine that that thesequence of taps corresponds to a particular pattern of taps. Thepattern of taps may be characterized by, for example, an overall numberof taps, the time between each tap, the time between a first detectedtap and a last detected tap. frequency of taps, tempo of taps, andrhythm of taps.

Other sensors of the smart ring 101 besides tactile sensors may also beable to detect when the smart ring 101 makes contact with another deviceor object. For example, acceleration and/or vibration sensors of thesensor unit 150 may detect sudden changes in acceleration and/orvibration of the smart ring 101 corresponding to contact.

Sensors included in the sensor unit 150 may also be able to detectcontact with a human body part, such as taps made by a human on thesmart ring 101 using a finger. In some cases, these sensors may be userinput devices within the user input unit 170, discussed further below.For example, the smart ring 101 may include specific buttons or portionsof the smart ring 101 housing that can detect tactile user input. Thesensors may also be used to determine when human skin makes contact withthe smart ring 101 or a portion of the smart ring 101 (e.g., the userinput unit 170) by sensing capacitive coupling or body heat.

Still further, sensors of the smart ring 101 may include proximitysensors that can detect when the smart ring 101 is in close proximity toanother device. A proximity sensor may also detect contact between thesmart ring 101 and another device. For example, if the proximity sensorcan detect when the proximity sensor is within a small distance fromanother device, and if that small distance is on the order of the sizeof the housing 110, then a proximity event that that the proximitysensor detects may actually correspond to contact between the housing110 and another device. The proximity sensors may be capacitive,inductive, magnetic, or optical sensors.

As one example, the proximity sensor may detect proximity with anotherdevice based at least in part upon short-range communication with theother device. For instance, the smart ring 101 may utilize near fieldcommunication (NFC) or other suitable short-range communication standardto detect proximity with another device. The sensor unit 150 (or thecommunication unit 160, discussed below) may include an active NFCdevice (e.g., an NFC chip or tag) that transmits electromagnetic signalsfrom the smart ring 101. When in close proximity (e.g., on the order of10 centimeters or less), another NFC-enabled device can receive thesignals and respond with signals that the NFC device of the smart ring101 can detect. The active NFC device may have different modes thatallow it to function either in an active mode (e.g., as a scanner orreader) or in a passive mode (e.g., as a tag). Additionally oralternatively, the sensor unit 150 (or the communication unit 160) mayinclude a passive NFC device that contains user-specific informationthat may be accessed by authorized readers. Signals received from anexternal device may include information including an identifier of theexternal device, and the smart ring 101 itself may transmit signalsincluding an identifier of the smart ring 101 (e.g., to demonstrate thepresence of the smart ring 101 for authentication purposes). Asmentioned above, if the NFC-range of the communication unit 160 is onthe order of the dimensions of the housing 110, then detection of NFCcommunications with another device may actually correspond to physicalcontact between the smart ring 101 and the other device.

The communication unit 160 may facilitate wired or wirelesscommunication between the ring 101 and one or more other devices. Thecommunication unit 160 may include, for example, a network adaptor toconnect to a computer network, and, via the network, tonetwork-connected devices. The computer network may be the Internet oranother type of suitable network (e.g., a personal area network (PAN), alocal area network (LAN), a metropolitan area network (MAN), a wide areanetwork (WAN), a mobile, a wired or wireless network, a private network,a virtual private network, etc.). The communication unit 160 may use oneor more wireless protocols, standards, or technologies forcommunication, such as Wi-Fi, NFC, Bluetooth, or Bluetooth low energy(BLE). Additionally or alternatively, the communication unit 160 mayenable free-space optical or acoustic links. In some implementations,the communication unit 160 may include one or more ports for a wiredcommunication connections. The wired connections used by the wirelesscommunication module 160 may include electrical or optical connections(e.g., fiber-optic, twisted-pair, coaxial cable).

User input unit 170 may collect information from a person wearing thering 101 or another user, capable of interacting with the ring 101. Insome implementations, one or more of the sensors in the sensor unit 150may act as user input devices within the user input unit 170. User inputdevices may transduce tactile, acoustic, video, gesture, or any othersuitable user input into digital or analog electrical signal, and sendthese electrical signals to the controller 140.

The output unit 190 may include one or more devices to outputinformation to a user of the ring 101. The one or more output devicesmay include acoustic devices (e.g., speaker, ultrasonic); haptic(thermal, electrical) devices; electronic displays for optical output,such as an organic light emitting device (OLED) display, a laser unit, ahigh-power light-emitting device (LED), etc.; or any other suitabletypes of devices. For example, the output unit 190 may include aprojector that projects an image onto a suitable surface. In someimplementations, the sensor unit 150, the user input unit 170, and theoutput unit 190 may cooperate to create a user interface withcapabilities (e.g., a keyboard) of much larger computer systems, asdescribed in more detail below.

Devices external to the smart ring 101 may support the user input and/oroutput functionalities of the smart ring 101. For example, in someimplementations, the smart ring 101 may receive user input and/or outputinformation to a user through a communicative connection with anotherdevice, such as the user device 104 or the mobile device 106. The smartring 101 may pair with these devices, for example via a Wi-Fi, NFC,Bluetooth, or other suitable wireless or wired communicative connection,and a user may be able to pass information to the smart ring 101 byinteracting with the paired device. For instance, the paired device maydisplay a webpage or application associated with the smart ring 101. Theuser may input information via the webpage or application, and thepaired device may communicate this user input to the smart ring 101.When the smart ring 101 has information for the user and/or has arequest to display to the user, the smart ring 101 may communicate thisinformation and/or request to the paired device, and the paired devicemay output the information and/or request to the user.

The components 120, 130, 140, 150, 160, 170, and/or 190 may beinterconnected by a bus 195, which may be implemented using one or morecircuit board traces, wires, or other electrical, optoelectronic, oroptical connections. The bus 195 may be a collection of electrical poweror communicative interconnections. The communicative interconnectionsmay be configured to carry signals that conform to any one or more of avariety of protocols, such as I2C, SPI, or other logic to enablecooperation of the various components.

FIG. 2 includes block diagrams of a number of different example formfactor types or configurations 205A, 205B, 205C, 205C, 205D, 205E,and/or 205F of a smart ring (e.g., the smart ring 101). Theconfigurations 205A, 205B, 205C, 205C, 205D, 205E, and/or 205F (whichmay also be referred to as the smart rings 205A, 205B, 205C, 205C, 205D,205E, and/or 205F) may each represent an implementation of the smartring 101, and each may include any one or more of the components 102 (orcomponents similar to the components 102). In some embodiments, one ormore of the components 102 may not be included in the configurations205A, 205B, 205C, 205C, 205D, 205E, and/or 205F. The configurations205A, 205B, 205C, 205C, 205D, 205E, and/or 205F include housings 210A,210B, 210C, 210C, 210D, 210E, and/or 210F, which may be similar to thehousing 110 shown in FIG. 1 .

The configuration 205 a may be referred to as a band-only configurationcomprising a housing 210 a. In the configuration 205 b, a band mayinclude two or more removably connected parts, such as the housing parts210 b and 210 c. The two housing parts 210 b and 210 c may each house atleast some of the components 102, distributed between the housing parks210 b and 210 c in any suitable manner.

The configuration 205 c may be referred to as a band-and-platformconfiguration comprising (i) a housing component 210 d and (ii) ahousing component 210 e (sometimes called the “platform 210 e”), whichmay be in a fixed or removable mechanical connection with the housing210 d. The platform 210 e may function as a mount for a “jewel” or forany other suitable attachment. The housing component 210 d and theplatform 210 e may each house at least one or more of the components 102(or similar components).

In some instances, the term “smart ring” may refer to a partial ringthat houses one or more components (e.g., components 102) that enablethe smart ring functionality described herein. The configurations 205 dand 205 e may be characterized as “partial” smart rings, and may beconfigured for attachment to a second ring. The second ring may be aconventional ring without smart functionality, or may be second smartring, wherein some smart functionality of the first or second rings maybe enhanced by the attachment.

The configuration 205 d, for example, may include a housing 210 f with agroove to enable clipping onto a conventional ring. The grooved clip-onhousing 210 f may house the smart ring components described above. Theconfiguration 205 e may clip onto a conventional ring using asubstantially flat clip 210 g part of the housing and contain the smartring components in a platform 210 h part of the housing.

The configuration 205 f, on the other hand, may be configured to becapable of being mounted onto a finger of a user without additionalsupport (e.g., another ring). To that end, the housing 210 i of theconfiguration 205 f may be substantially of a partial annular shapesubtending between 180 and 360 degrees of a full circumference. Whenimplemented as a partial annular shape, the housing 210 i may be moreadaptable to fingers of different sizes that a fully annular band (360degrees), and may be elastic. A restorative force produced by adeformation of the housing 210 i may ensure a suitable physical contactwith the finger. Additional suitable combinations of configurations (notillustrated) may combine at least some of the housing features discussedabove.

FIG. 3 includes perspective views of example configurations 305 a, 305b, 305 c, 305 c, 305 d, 305 e, and/or 305 f of a smart right (e.g., thesmart ring 101) in which a number of surface elements are included.

Configuration 305 a is an example band configuration 205 a of a smartring (e.g., smart ring 101). Some of the surface elements of the housingmay include interfaces 312 a, 312 b that may be electrically connectedto, for example, the charging unit 130 or the communications unit 160.On the outside of the configuration 305 a, the interfaces 312 a, 312 bmay be electrically or optically connected with a charger to transferenergy from the charger to a battery (e.g., the battery 120), or withanother device to transfer data to or from the ring 305 a. The outersurface of the configuration 305 a may include a display 390 a, whilethe inner surface may include a biometric sensor 350 a.

The configurations 305 b and 305 c are examples of configurations of asmart ring with multiple housing parts (e.g., configuration 205 b inFIG. 2 ). Two (or more) parts may be separate axially (configuration 305b), azimuthally (configuration 305 c), or radially (nested rings, notshown). The parts may be connected mechanically, electrically, oroptically via, for example, interfaces analogous to interfaces 312 a,312 b in configuration 305 a. Each part of a smart ring housing may haveone or more surface elements, such as, for example, sensors 350 b, 350 cor output elements 390 b, 390 c. The latter may be LEDs (e.g., outputelement 390 b) or haptic feedback devices (e.g., output element 390 c),among other suitable sensor or output devices. Additionally oralternatively, at least some of the surface elements (e.g., microphones,touch sensors) may belong to the user input unit 170.

Configuration 305 d may be an example of a band and platformconfiguration (e.g., configuration 205 c), while configurations 305 eand 305 f may be examples of the partial ring configurations 205 d and205 e, respectively. Output devices 390 d, 390 e, and 390 f on thecorresponding configurations 305 d, 305 e, and 305 f may be LCD display,OLED displays, e-ink displays, one or more LED pixels, speakers, or anyother suitable output devices that may be a part of a suite of outputsrepresented by an output unit (e.g., output unit 190). Other surfaceelements, such as an interface component 312 c may be disposed within,at, or through the housing. It should be appreciated that a variety ofsuitable surface elements may be disposed at the illustratedconfigurations 305 a, 305 b, 305 c, 305 c, 305 d, 305 e, and/or 305 f atlargely interchangeable locations. For example, the output elements 390d, 390 e, and 390 f may be replaced with sensors (e.g., UV sensor,ambient light or noise sensors, etc.), user input devices (e.g.,buttons, microphones, etc.), interfaces (e.g., including patch antennasor optoelectronic components communicatively connected to communicationsunits), or other suitable surface elements.

FIG. 4 illustrates an example environment 400 within which a smart ring405 may be configured to operate. In an embodiment, the smart ring 405may be the smart ring 101. In some embodiments, the smart ring 405 maybe any suitable smart ring capable of providing at least some of thefunctionality described herein. Depending on the embodiment, the smartring 405 may be configured in a manner similar or equivalent to any ofthe configurations 205A, 205B, 205C, 205C, 205D, 205E, and/or 205F or305 a, 305 b, 305 c, 305 c, 305 d, 305 e, and/or 305 f shown in FIG. 2and FIG. 3 .

The smart ring 405 may interact (e.g., by sensing, sending data,receiving data, receiving energy) with a variety of devices, such asbracelet 420 or another suitable wearable device, a mobile device 422(e.g., a smart phone, a tablet, etc.) that may be, for example, the userdevice 104, another ring 424 (e.g., another smart ring, a charger forthe smart ring 405, etc.), a secure access panel 432, a golf club 434(or another recreational accessory), a smart ring 436 worn by anotheruser, or a steering wheel 438 (or another vehicle interface).Additionally or alternatively, the smart ring 405 may be communicativelyconnected to a network 440 (e.g., WiFi, 5G cellular), and by way of thenetwork 440 (e.g., network 105 in FIG. 1 ) to a server 442 (e.g., server107 in FIG. 1 ) or a personal computer 444 (e.g., mobile device 106).Additionally or alternatively, the ring 405 may be configured to senseor harvest energy from natural environment, such as the sun 450.

The secure access panel 432, for example, may control access to aresource. The smart ring 101 may interact with the secure access panel432 in order to cause the secure access panel 432 to grant the wearerand/or the smart ring 101 access to the resource. For example, thesecure access panel 432 may include a lock that controls access to aphysical resource or physical space such as a home, room, vehicle, safe,etc.

The ring 405 may exchange data with other devices by communicativelyconnecting to the other devices using, for example, the communicationunit 160. The communicative connection to other device may be initiatedby the ring 405 in response to user input via the user input unit 170,in response to detecting trigger conditions using the sensor unit 150,or may be initiated by the other devices. The communicative connectionmay be wireless, wired electrical connection, or optical. In someimplementation, establishing a communicative link may includeestablishing a mechanical connection.

The ring 405 may connect to other devices (e.g., a device with thecharger 103 built in) to charge the battery 120. The connection to otherdevices for charging may enable the ring 405 to be recharged without theneed for removing the ring 405 from the finger. For example, thebracelet 420 may include an energy source that may transfer the energyfrom the energy source to battery 120 of the ring 405 via the chargingunit 430. To that end, an electrical (or optical) cable may extend fromthe bracelet 420 to an interface (e.g., interfaces 112 a, 112 b, 312 a,312 b) disposed at the housing (e.g., housings 110, 210 a, 210 b, 210 c,210 d, 210 e, 210 f, 210 g, 210 h, and/or 210 i) of the ring 405. Themobile device 422, the ring 424, the golf club 434, the steering wheel438 may also include energy source configured as chargers (e.g., thecharger 103) for the ring 405. The chargers for may transfer energy tothe ring 405 via a wired or wireless (e.g., inductive coupling)connection with the charging unit 130 of the ring 405.

Security Implementations

The smart ring 101 may be used to perform a variety of security-relatedfunctions. Within the general category of security arethree-interrelated concepts: identification, authentication, andauthorization. As will be described herein, the smart ring 101 canperform functions related to each of these three concepts.Identification relates to determining who a user is, e.g., to answeringthe question, “Who are you?” As an example, a user of a computing systemmay provide a username that indicates an identity of the user.Authentication relates to determining whether the user is who the usersaid to be. Continuing with the previous example, a user of a computingsystem may provide a password associated with the username that provesthe user is indeed the user associated with the username. Authorizationrelates to granting a user access to a resource and/or performing afunction a user has requested in response to the user being both (1)identified and (2) authenticated.

Authentication may be based at least in part upon one or more factors.Example authentication factors include: knowledge factors (e.g.,something a user knows, such as a password or personal identificationnumber (PIN)), possession factors (e.g., something a user has, such as aphysical key or card, or a token device that produces temporarypasswords or PINs), or inherence factors (e.g., something a user is,such as a biometric signature of the user). Multi-factor authenticationrelies on a combination of multiple authentication factors. In thecontext of the present disclosure, the smart ring 101 may supportauthentication factors within all three categories (knowledge,possession, and inherence), as will be discussed with reference to FIG.5 , FIG. 6A, FIG. 6B, and FIG. 7 . As a first example, the smart ring101 may collect biometric data that facilitates biometricauthentication. Further, the smart ring 101 itself may be a token that,if the user demonstrates possession of the smart ring 101, serves as apossession authentication factor. The smart ring 101 can also verify theproximity of other tokens to the smart ring 101. Moreover, the smartring 101 can collect PINs/passwords from the user, determine gesturalpatterns performed by the user, and determine contact patterns (e.g.,coded knocks) performed by the user, facilitating authentication basedat least in part upon knowledge factors.

FIG. 5 illustrates an example method 500 for identifying andauthenticating a user using biometric data collected by the smart ring101 according to one embodiment. In the example method 500, the smartring 101 performs an authentication operation using an authenticationfactor corresponding to biometric data. In some implementations, themethod 500 can begin at block 502. In other implementations, the method500 may begin at block 506.

At block 502, sensors of the smart ring 101 (e.g., sensor unit 150)collect biometric data of a user during an enrollment or set-up mode ofthe smart ring 101. The smart ring 101 may enter an enrollment mode inorder to register a new user to utilize the smart ring 101, or to updatea profile of an existing known user of the smart ring 101. During theenrollment mode, a user may provide an identification to the smart ring101 besides the biometric data, in order for the smart ring 101 toassociate the collected biometric data with a particular identity. Forinstance, the user may set up a profile on the smart ring 101 itself orby pairing the smart ring 101 with another device, such as the mobiledevice 422 or the mobile device 106. The user may provide a usernameassociated with the user and/or some other suitable form ofidentification such that the smart ring 101 can associate biometric datacollected during the enrollment mode to an identified, known user. Aswill be described with reference to FIG. 6A, FIG. 6B, and FIG. 7 , otherdata, such as gestural data, proximity data, and contact data, may alsobe collected during the enrollment mode and associated with anidentified, known user.

At block 504, the smart ring 101 determines a biometric signature of theidentified user based at least in part upon the biometric data collectedduring the enrollment mode and stores the biometric signature. The smartring 101 may determine the biometric signature using the controller 140.Additionally or alternatively, the smart ring 101 may communicate all ora portion of the collected biometric data to the server 107, the userdevice 104, the mobile device 106, the personal computer 444, or themobile device 422, which may in turn perform the analysis to determinethe biometric signature. In some cases, no processing may be needed todetermine the biometric signature; the biometric data may simply bestored as-is (e.g., as collected by the sensor unit 150). In othercases, the analyzing device (whether it is the smart ring 101 or anexternal device) may determine parameters and/or patterns based at leastin part upon the biometric data and assign these parameters and/orpatterns as the biometric signature. In any case, the biometricsignature is unique to a particular user.

As an example, the smart ring 101 may collect an ECG of the identifieduser. The analyzing device can determine features of the ECG, such asthe types of waves within the ECG (e.g., P, Q, R, S, and/or T waves),the locations and intervals among the waves, the amplitude of the waves,the shapes of the waves, the frequency, etc. A set of ECG features for aparticular user may be unique when compared to sets of ECG features forother users (thus, the sets of ECG features may function as uniquesignatures). The specific ECG pattern and/or the identified features ofthe ECG pattern then can be stored as a biometric signature. Similarly,as another example, the smart ring 101 may collect motion andorientation data while a user walks. The analyzing device may determinethat the motion and orientation data correspond to a user walking, andmay identify a specific movement pattern within the motion andorientation data corresponding to the user's gait. The specific movementpattern can then be stored as a biometric signature.

Other biometric data that the smart ring 101 can collect and candetermine a corresponding biometric signature for include: afingerprint, an iris scan, or voice data. For instance, the smart ring101 may identify a specific acoustic pattern associated with theidentified user's speech and store this acoustic pattern as a biometricsignature.

The analyzing device itself may store the biometric signature. In someimplementations, the analyzing device may communicate the biometricsignature to the smart ring 101, and the smart ring 101 may store thebiometric signature on the memory unit 144. Alternatively or inaddition, the analyzing device may communicate the biometric signatureto the server 107, which may function as an authentication server, asmentioned previously.

At block 506, sensors of the smart ring 101 collect, outside theenrollment mode, biometric data of a particular user while theparticular user is wearing the smart ring. As discussed previously withrespect to FIG. 1 and the sensor unit 150, the sensors of the sensorunit 150 can collect a variety of biometric data that may be indicativeof a biometric signature, such as heartbeat pattern, walking gait,fingerprint, iris, and/or voice data. In the example method 500, thecollected biometric data includes a heartbeat pattern of the user. Forexample, the heartbeat pattern may be a heart rate (e.g., pulse rate),an ECG, and/or physical movement data corresponding to the heartbeatpattern (e.g., chest vibrations corresponding to a heartbeat pattern,blood flow patterns corresponding to a heartbeat pattern).

The smart ring 101 may constantly collect biometric data in order todetermine that the wearer is an authenticated user. The smart ring 101may collect biometric data at regular periods (e.g., after severalseconds, minutes, or hours of wear by a user). Alternatively oradditionally, the smart ring 101 may collect biometric data in responseto a request from the user to perform an operation or in response toreceiving a signal from another device. For example, when the smart ring101 is brought into proximity with a secure access panel 432 (e.g.,proximity close enough for NFC communication), the secure access panel432 may transmit a signal to the smart ring 101 indicating that thesmart ring 101 must provide identification and authentication of thewearer in order to receive authorization to open the secure access panel432.

As another example, the user may wish to perform a cryptographicoperation, as will be discussed in more detail below with reference toblock 512. The user may need a cryptographic key stored on the smartring 101 in order to perform the cryptographic operation. The user mayindicate to the smart ring 101 that they wish to perform thecryptographic operation, for example by interacting with the user inputunit 170 (e.g., by pressing a button or screen on the smart ring 101 oron a paired device). Following the request, the smart ring 101 performsan authentication operation in order to authenticate the user as anidentified user associated with the cryptographic key before releasingthe cryptographic key.

At block 508 and block 510, the smart ring 101 performs anauthentication operation by (i) comparing the biometric data to abiometric signature for a known user to determine whether the biometricdata matches the biometric signature (block 508), and (ii) when thebiometric data matches the biometric signature, authenticating theparticular user by updating a record to indicate that the particularuser has been identified and authenticated as the known user (block510).

More particularly, at block 508, the smart ring 101 compares thebiometric data collected at block 506 to a biometric signature for aknown user to determine whether the biometric data matches the biometricsignature. If optional steps 502 and 504 have not been performed, thesmart ring 101 may compare the biometric data to biometric signaturesincluded in a general database of biometric signatures for knownindividuals stored externally, such as at the server 107. Inimplementations where steps 502 and 504 have been performed, then thebiometric data are compared to the biometric signature collected whilethe smart ring 101 was in an enrollment mode. The biometric signaturemay be stored at the smart ring 101, such as in the memory unit 144, ormay be stored on an external device such as the server 107, the userdevice 104, the mobile device 106, the personal computer 444, or themobile device 422. In implementations where the biometric signature isstored at a device external to the smart ring 101, the smart ring 101may communicate all or a portion of the collected biometric data to theexternal device in order to facilitate comparison.

The external device or the smart ring 101 then compares the biometricdata to the stored biometric signature. The stored biometric signatureis associated with a previously identified, known user. If the smartring 101 causes the external device to perform the comparison, theexternal device can communicate the results of the comparison to thesmart ring 101.

The collected biometric data and the stored biometric signature do notneed have to match exactly. The smart ring 101 can determine that thecollected biometric data and the stored biometric signature match if thetwo data sets are similar within a tolerance or threshold suitable forthe particular biometric application. For instance, the tolerance may bebased at least in part upon the uncertainty of the biometricmeasurement, which may depend on the sensors that collect the biometricdata.

As an example, if the collected biometric data includes a heartbeatpattern, then the collected heartbeat pattern is compared to a biometricsignature, such as a stored ECG or stored features of the ECG. Thecomparison may be between the collected heartbeat pattern and the storedECG. Alternatively or in addition, the external device or the smart ring101 may identify certain features of the heartbeat pattern (e.g., thefeatures of the waves within the ECG, as mentioned previously) andcompare these identified features to the stored features of the ECG. Ifthe collected heartbeat pattern matches the biometric signature, or atleast matches within a tolerance, then the smart ring 101 determinesthat the wearer of the ring has the identity associated with thebiometric signature and has authenticated the identity by providing thebiometric data.

As another example, if the collected biometric data includes motion datacorresponding to a walking gait, then the motion data are compared tostored walking gait data. The comparison may be between the collectedmotion data and the stored walking gait data. Alternatively or inaddition, the external device or the smart ring 101 may identify certainfeatures of the walking gait (e.g., a specific pattern of motion) andcompare these features to the features of the stored walking gait.

At block 510, when the biometric data matches the biometric signature,the smart ring 101 authenticates the user by updating a record toindicate that the user has been identified and authenticated as theknown user associated with the biometric signature. If the collectedbiometric data matches a biometric signature, then the smart ring 101has both (1) identified the particular user as the known user associatedwith the biometric signature, and (2) authenticated the particular userto actually be the known user associated with the biometric signature.

The smart ring 101 updates the record by recording in the memory unit144 an indication of the positive match between the collected biometricdata and the biometric signature. The record, for example, maycorrespond to a location in the memory unit 144 that devices external tothe smart ring 101 and/or components internal to the smart ring 101,such as the processor unit 142, can query to determine whether the useris authenticated. Alternatively or in addition, whenever the controller140 determines that the record has been updated to reflect that anauthentication operation has been performed, the controller 140 cancommunicate this update to devices and/or components external orinternal to the smart ring 101 (e.g., by transmitting a signal).

The update to the record may indicate why the smart ring 101 determinedthat the user has been authenticated (e.g., the record may indicate thatcollected biometric data matched a biometric signature), or the updateto the record may indicate that the current wearer of the ring is anauthenticated user, e.g., that the smart ring 101 is in an authenticatedstate. If the sensor unit 150 determines that the user has removed thesmart ring 101 from their finger (e.g., because the sensor unit 150 canno longer detect any pulse, much less a specific heartbeat pattern),then the smart ring 101 may update the record to indicate that the smartring 101 is no longer in an authenticated state.

If the smart ring 101 determines that the collected biometric data doesnot match the biometric signature, then the smart ring 101 may notupdate the record at all, or may update the record to indicate that afailed authentication operation has occurred. If the smart ring 101detects a failed authentication (whether a biometric authenticationoperation, a gestural authentication operation as described withreference to FIG. 6A, or a proximity authentication operation asdescribed with reference to FIG. 6B and FIG. 7 ), the smart ring 101will not authenticate the user. The smart ring 101 may communicate(e.g., via output unit 190 or a paired device) to the user that the userhas not been authenticated or that an authentication operation hasfailed. The smart ring 101 may prompt the user to re-authenticatethemselves, for example, by putting the smart ring 101 back on a fingeror performing an authentication gesture.

Note, while the example method 500 authenticates the wearer of the smartring 101 using biometric data including a heartbeat pattern of thewearer, other implementations may include additional authenticationoperations. For example, the smart ring 101 may authenticate the wearerusing gestural data, proximity data, or a combination thereof, usingtechniques described with reference to FIG. 6A, FIG. 6B, and FIG. 7 .The smart ring 101 may also authenticate the wearer by requesting a PINnumber or password from the wearer (e.g., via the output unit 190) andcomparing a user-provided PIN number or password to a PIN number orpassword stored on the smart ring 101. After each authenticationoperation, the smart ring 101 can update the record to indicate that thewearer has been authenticated based at least in part upon theauthentication operation. The smart ring 101 may also update the recordafter the wearer has been authenticated as the known user based at leastin part upon more than one authentication operation. Differentapplications may need that the wearer be authenticated based at least inpart upon more than one authentication operation. For example, if anapplication needs that the user be authenticated using twoauthentication factors, and a first authentication operation succeeds inauthenticating the user based at least in part upon a firstauthentication factor while a second authentication operation fails toauthenticate the user based at least in part upon a secondauthentication factor, then the user may not be authenticated or may notbe allowed to access the application.

As one example, the smart ring 101 may repeat steps 504, 506, 508. and510 before performing step 512 using additional biometric data. Asmentioned above, the smart ring 101 may, in addition to collecting aheartbeat pattern, also collect data corresponding to a walking gait ofthe user. The collected walking gait may be compared to a biometricsignature corresponding to a walking gait pattern of a known user inorder to determine whether the collected walking gait matches thebiometric signature. If so, then the smart ring 101 can update therecord to indicate that the user has been identified and authenticatedas the known user based at least in part upon walking gait. In suchimplementations, the smart ring 101 may perform step 512 only after therecord indicates that the user has been authenticated as the known userbased at least in part upon both heartbeat pattern data and walking gaitpattern data.

At block 512, when the record indicates that the user has beenidentified and authenticated, the smart ring 101 performs acryptographic operation, such as digitally signing transaction datausing a cryptographic key stored on the memory unit 144 of the smartring 101. As mentioned previously, the smart ring 101 may perform steps506, 508, 510, and 512 in response to a specific request by the user toperform a cryptographic operation. In response to the smart ring 101identifying and authenticating the user, and reflecting thisauthentication by updating the record, the smart ring 101 can thenperform the cryptographic operation. In other words, by updating therecord, the smart ring 101 (i) indicates that the user has beenidentified and authenticated as a known user and (ii) grantsauthorization to the user to access the cryptographic keys associatedwith the known user and stored on the smart ring 101. As mentionedpreviously, while example method 500 authenticates the user based atleast in part upon biometric data, in other implementations, step 512may only be performed after the user is authenticated based at least inpart upon multiple authentication operations.

A transaction may refer to any exchange of data, information, orcurrency, including cryptocurrency such as Bitcoin. While referred to asan “exchange,” it is understood that the transaction may compriseone-way output rather than a two-way exchange. Conventionally,information related to transactions are stored in centralized databasesheld by participants of the transactions or third-party arbiters.However, the transaction data that the smart ring digitally signs orencrypts with a private key can be transaction data of a blockchain.Below is a brief discussion of a blockchain and the secure transactionsthat the blockchain may facilitate.

A blockchain (e.g., an example of a distributed ledger) is a way ofachieving a distributed consensus on the validity or invalidity ofinformation in the chain. In other words, the blockchain provides adecentralized trust to participants and observers. As opposed to relyingon a central authority, a blockchain is a decentralized database inwhich a transactional record of changes to the ledger is maintained andvalidated by each node of a peer-to-peer network. The distributed ledgeris comprised of groupings of transactions organized together into a“block,” and ordered sequentially (thus the term “blockchain”).

The nodes that share the ledger form what is referred to herein thedistributed ledger network. The nodes in the distributed ledger networkvalidate changes to the blockchain (e.g., when a new transaction and/orblock is created) according to a set of consensus rules. The consensusrules depend on the information being tracked by the blockchain and mayinclude rules regarding the chain itself. For example, a consensus rulemay include that the originator of a change supplies a proof-of-identitysuch that only approved entities may originate changes to the chain. Aconsensus rule may need that blocks and transactions adhere to formatneed and supply certain meta information regarding the change (e.g.,blocks must be below a size limit, transactions must include a number offields, etc.). Consensus rules may include a mechanism to determine theorder in which new blocks are added to the chain (e.g., through aproof-of-work system, proof-of-stake, etc.).

Additions to the blockchain that satisfy the consensus rules arepropagated from nodes that have validated the addition to other nodesthat the validating node is aware of. If all the nodes that receive achange to the blockchain validate the new block, then the distributedledger reflects the new change as stored on all nodes, and it may besaid that distributed consensus has been reached with respect to the newblock and the information contained therein. Any change that does notsatisfy the consensus rule is disregarded by validating nodes thatreceive the change and is not propagated to other nodes. Accordingly,unlike a traditional system which uses a central authority, a singleparty cannot unilaterally alter the distributed ledger unless the singleparty can do so in a way that satisfies the consensus rules. Theinability to modify past transactions leads to blockchains beinggenerally described as trusted, secure, and immutable.

The validation activities of nodes applying consensus rules on ablockchain network may take various forms. In one implementation, theblockchain may be viewed as a shared spreadsheet that tracks data suchas the ownership of assets. In another implementation, the validatingnodes execute code contained in “smart contracts” and distributedconsensus is expressed as the network nodes agreeing on the output ofthe executed code.

When entities communicate with nodes of the blockchain to initiate or toadd data to a smart contract or secure transaction, the transaction maybe accompanied by a proof-of-identity of the entity. The cryptographicproof-of-identity can be included in transactions sent to theblockchain. For example, each entity (e.g., a particular user) may ownprivate cryptographic keys that are associated with public cryptographickeys known to belong to the entity (e.g., public cryptographic keysassociated with each of the entities may be published by a trusted thirdparty or proven to other network participants, etc.). The privatecryptographic key may be, for example, a unique alphanumeric string ofnumbers and letters generated by a random number generator. An entitywishing to send a transaction to the blockchain may sign a cryptographicmessage in the transaction with the entity's private cryptographic keyto prove the identity of the entity sending the transaction. In thisway, other network participants may be provided with cryptographic proofthat the information contained in the transaction was originated by theparticipating entity.

Returning to FIG. 5 , at block 512, if the smart ring 101 identifies andauthenticates the user as a known user, then the smart ring may sign(e.g., encrypt) transaction data with the private cryptographic keys ofthe known user. A known user's private cryptographic keys may be storedon the memory unit 144 of the smart ring 101. The private cryptographickeys are associated with the known user and no other user. Thus, thesmart ring 101 must identify and authenticate the user as the known userbefore signing transaction data with the known user's privatecryptographic keys.

The smart ring 101 may generate private cryptographic keys and store thekeys on the memory unit 144. In some instances, the smart ring 101 maygenerate a key for the known user in response to authenticating the useras the known user. The smart ring 101 may generate the private key usinga random number generator according to a seed value securely stored onthe smart ring. The seed value is a number that is unique to the knownuser. During an enrollment or set-up mode, a known user may enter a seedvalue into the smart ring 101 using a paired device or the user inputunit 170. Alternatively, the known user may enter a seed phrase that thesmart ring 101 translates into a corresponding seed value. Further, thesmart ring 101 may generate the seed value and/or seed phrase for theknown user. The smart ring 101 may associate the seed value and/or seedphrase with the known user, for example by securely storing the seedvalue and/or seed phrase in a profile of the known user.

The smart ring 101 may sign the transaction data in a variety of ways.For example, the transaction data itself may be communicated to thesmart ring 101 by an external computing device. The smart ring 101 thencan sign the received transaction data locally at the smart ring 101. Inother scenarios, the smart ring may communicate with an externalcomputing device, which may be a blockchain node or may be anotherdevice, such as the user device 104, in communicative connection with ablockchain, to digitally sign the transaction data.

The transaction data may correspond to any transaction facilitated by ablockchain. For example, the transaction data may be a smart contract. Asmart contract is a computer protocol that enables the automaticexecution and/or enforcement of an agreement between different parties.The smart contract may be computer code that is located at a particularaddress on a blockchain. The smart contract may include one or moretrigger conditions that, when satisfied, correspond to one or moreactions. For some smart contracts, the actions performed may bedetermined based at least in part upon one or more decision conditions.In some instances, data streams may be routed to the smart contract sothat the smart contract may detect that a trigger condition has occurredand/or analyze a decision condition.

The user may seek to initiate or create a smart contract and deploy thesmart contract on the blockchain, or the user may need to addinformation to a deployed smart contract. The user may update or createthe smart contract using a device communicatively connected to ablockchain network, such as the smart ring 101 or another externaldevice, such as the user device 104, the mobile device 106, the personalcomputer 444, or the mobile device 422. The smart ring 101 operates toencrypt the smart contract by digitally signing the smart contract usinga private cryptographic key of the known user once the user isauthenticated as the known user.

As another example, the transaction data may relate to a cryptocurrencytransaction, such as a Bitcoin transaction. The particular user may seekto transfer cryptocurrency to an address on a blockchain. To confirm thetransaction, the particular user signs the transaction with a privatekey. As in the case of the smart contract, the smart ring 101 signs thecryptocurrency transaction using a private cryptographic key of theknown user once the user is authenticated as the known user.

After authenticating the wearer as the known user, the smart ring 101may perform other cryptographic operations and/or security functions.For example, the smart ring 101 may decrypt transaction data using aprivate or public cryptographic key. The smart ring 101 may also grantauthorization to the user to access digital and/or physical resources.Further examples of the security functions of the smart ring 101 canperform are discussed herein with reference to FIG. 6A, FIG. 6B, andFIG. 7 . It should be understood that the various authenticationtechniques (e.g., authentication based at least in part upon biometric,gestural, or proximity data) can be combined to perform any combinationof the operations discussed herein (e.g., unlocking a resource orperforming a cryptographic operation).

FIG. 6A and FIG. 6B illustrate an example method 600 for performingmulti-factor authentication using the smart ring 101 according to oneembodiment. In some implementations, the method 600 can begin at block602. In other implementations, the method 600 may begin at block 606.

In the example method 600, the smart ring 101 performs multi-factorauthentication using (i) a first authentication factor corresponding toa gesture, and (2) a second authentication factor corresponding tocontact between the smart ring 101 and a component external to the smartring. While example method 600 includes two authentication factors, thesmart ring 101 is capable of performing additional authenticationoperations using additional, different authentication factors.

Beginning with FIG. 6A, at block 602, the sensors of the sensor unit 150collect gestural data of a user during an enrollment mode or set-up modeof the smart ring 101. The smart ring 101 may perform block 602 in amanner similar to block 502. The smart ring 101 may enter an enrollmentmode in order to register a new user to utilize the smart ring 101, orto update a profile of an existing known user of the smart ring 101.During the enrollment mode, a user may provide an identification to thesmart ring 101 besides the gestural data, in order for the smart ring101 to associate the collected gestural data with a particular identity.For instance, the user may set up a profile on the smart ring 101 itselfor by paring the smart ring 101 with another device, such as the mobiledevice 422 or the mobile device 106. The user may provide a usernameassociated with the user and/or some other suitable form ofidentification such that the smart ring 101 can associate gestural datacollected during the enrollment mode to an identified, known user.During the same enrollment mode, the smart ring 101 may collect bothgestural and biometric data.

While the smart ring 101 is in the enrollment mode, the user can performa specific gesture that the user wishes to associate with theiridentity. The smart ring 101 may itself prompt the user to perform thegesture (e.g., via output unit 190) or the user device 104 or the mobiledevice 106 paired with the smart ring 101 may prompt the user. In thisway, the smart ring 101 can determine that motion and movement datacollected directly after the prompt is to be associated with a specificgesture. The smart ring 101 may prompt the user to perform the gestureseveral times in order for the smart ring 101 to identify the gesturalpattern.

At block 604, the smart ring 101 determines an authentication gesture ofthe identified user based at least in part upon the gestural datacollected during the enrollment mode and stores the authenticationgesture. The smart ring 101 may determine the authentication gestureusing the controller 140. Additionally or alternatively, the smart ring101 may communicate all or a portion of the collected gestural data tothe server 107, the user device 104, the mobile device 106, the personalcomputer 444, or the mobile device 422, which may in turn perform theanalysis to determine the authentication gesture. In some cases, noprocessing may be needed to determine the authentication gesture; thegestural data (e.g., the motion and orientation data corresponding tothe gesture) may simply be stored as-is (e.g., as collected by thesensor unit 150). In other cases, the analyzing device (whether it isthe smart ring 101 or an external device) may determine parametersand/or patterns based at least in part upon the gestural data and assignthese parameters and/or patterns as the authentication gesture. In anycase, the authentication gesture is associated with the particularidentified user.

As an example, the smart ring 101 may collect motion and orientationdata of the identified user during the enrollment mode while theidentified user performs a secret gesture known only to the identifieduser. The analyzing device can determine the specific pattern ofmovement and orientation of the collected data, and classify thisspecific pattern as an authentication gesture associated with theidentified user. This specific pattern can then be stored as anauthentication gesture.

The analyzing device itself may store the authentication gesture. Insome implementations, the analyzing device may communicate theauthentication gesture to the smart ring 101, and the smart ring 101 maystore the authentication gesture on memory unit 144. Alternatively or inaddition, the analyzing device may communicate the authenticationgesture to the server 107, which may function as an authenticationserver, as mentioned previously.

At blocks 606, 608, 610, and 612, the smart ring 101 performs a firstauthentication operation. Beginning at block 606, the sensor unit 150collects, outside of the enrollment mode, gestural data representing acandidate gesture and a first authentication factor. The candidategesture corresponds to ring movement while a user is wearing the smartring. The gestural data includes motion and orientation data collectedby the sensor unit 150.

The smart ring 101 may collect the gestural data in response to arequest from the user made using the user input unit 170. For example,the user may indicate to the smart ring 101 that the smart ring 101should authenticate the user as a known user so that the user may accessa particular resource. Alternatively, the smart ring 101 may collect thegestural data in response to receiving a signal from a second deviceexternal to the smart ring 101. The second device controls access to aphysical or digital resource. For example, the second device maycorrespond to the secure access panel 432 controlling access to aphysical resource. As another example, the second device may be a devicethat controls access to digital information, such as the mobile device422, the server 442, the personal computer 444, or another smart ring436 or other wearable device worn by another user. When the smart ring101 is in proximity to the second device, the second device may transmita signal to the smart ring 101 indicating that the smart ring 101 shouldauthenticate the wearer of the smart ring 101 in order to access theresource. The smart ring 101 may indicate to the user (e.g., via theoutput unit 190) that the user should perform an authentication gesturein order to authenticate themselves.

The smart ring 101 (or a separate analyzing device, in a manneranalogous to block 604) can determine a pattern of movement andorientation of the collected gestural data which corresponds to acandidate gesture. At block 608, the smart ring 101 compares candidategesture to an authentication gesture for a known user to determinewhether the candidate gesture matches the authentication gesture. Ifoptional steps 602 and 604 have not been performed, the smart ring 101may compare the candidate gesture to authentication gestures included ina general database of authentication gestures for known individualsstored externally, such as at the server 107. In implementations wheresteps 602 and 604 have been performed, then the candidate gesture iscompared to the authentication gesture collected while the smart ring101 was in an enrollment mode. The authentication gesture may be storedat the smart ring 101, such as in the memory unit 144, or may be storedon an external device such as the server 107, the user device 104, themobile device 106, the personal computer 444, or the mobile device 422.In implementations where the authentication gesture is stored at adevice external to the smart ring 101, the smart ring 101 maycommunicate all or a portion of the collected gestural data to theexternal device in order to facilitate comparison between the candidategesture and the authentication gesture.

The external device or the smart ring 101 then compares the candidategesture to the stored authentication gesture. The stored authenticationgesture is associated with a previously identified, known user. If thesmart ring 101 causes the external device to perform the comparison, theexternal device can communicate the results of the comparison to thesmart ring 101.

The candidate gesture and the stored authentication gesture do not needto match exactly. The smart ring 101 can determine that the candidategesture and the stored authentication gesture match if the gestures orthe gestural data corresponding to the gestures are similar within atolerance or suitable threshold. A suitable threshold may be, forexample, based at least in part upon the uncertainty of the motion andorientation measurements made by the sensor unit 150.

At block 610, when the candidate gesture matches the authenticationgesture, the smart ring 101 generates a signal indicating that the userhas been identified and authenticated as the known user based at leastin part upon the first authentication factor. Then, at block 612, thesmart ring 101 transmits the signal to a second device that controlsaccess to a resource. In other embodiments, the smart ring 101 may, inresponse to the candidate gesture matching the authentication gesture,additionally or alternatively update a record to indicate that the userhas been identified and authenticated as the known user associated withthe authentication gesture, in a manner similar to block 510.

The signal indicates that the user has been identified and authenticatedas a known user. The signal may also indicate why the smart ring 101determined that the user has been authenticated (e.g., the signal mayindicate that the user has been authenticated based at least in partupon matching an authentication gesture to a candidate gesturecorresponding to collected gestural data). The signal may also indicatean identity of the known user (e.g., a username or a name of the knownuser).

In some implementations, the smart ring 101 may determine that the knownuser is a user that is authorized to access the resource. The smart ring101 may determine whether a user is authorized based at least in partupon information stored in the memory unit 144 indicating what resourcescan be accessed by known users. The smart ring 101 may also determinewhether a user is authorized by communicating with the second device orwith another external device such as the server 107. If the smart ring101 determines that the known user is authorized to access the resource,then the signal may also indicate that the authenticated user isauthorized.

Additionally or alternatively, the signal may indicate that the user hasbeen identified and authenticated as a known user based at least in partupon the first authentication factor, but may not indicate whether thatknown user is authorized to access the resource. In suchimplementations, the second device, based at least in part upon thesignal, determines whether the known user is a user that is authorizedto access the resource.

In any case, the signal may be generated by the controller 140 or, morespecifically, by the processor unit 142. The signal may be anelectromagnetic signal that carries information indicating that the userhas been authenticated. The generated signal may be transmitted to thesecond device by the communication unit 160.

Continuing on to FIG. 6B, which illustrates additional steps of examplemethod 600, at blocks 614, 616, and 618, the smart ring 101 performs asecond authentication operation. It is understood that while the secondauthentication operation (e.g., blocks 614, 616, and 618) is depicted astaking place after the first authentication operation (e.g., blocks 606,608, 610, and 612), the order of the first and second authenticationoperations may be switched. Further, each of the authenticationoperations may occur simultaneously. For example, the user may perform agesture that also involves a bump (e.g., contact, discussed in furtherdetail below with respect to block 614) of the smart ring 101 with asecond device. The smart ring 101 may only perform the secondauthentication operation if the first authentication operationpositively authenticates the user as a known user. Further, the smartring 101 may only perform the second authentication operation if contact(block 614) is detected within a short amount before or after thegestural data are collected (block 606) (e.g., less than 10-30 seconds).

Beginning at block 614, the sensor unit 150 detects contact between thesmart ring 101 and a component external to the smart ring 101. Thedetected contact represents a second authentication factor. The contactthat the sensor unit 150 detects may be physical contact between thesmart ring 101 and the component, or may be close physical proximity(e.g., on the order of centimeters or on the order of the thickness ofthe housing 110). For example, tactile sensors of the smart ring 101 maydetect physical contact or a physical “bump” between the smart ring 101and the component. As another example, proximity sensors, such as an NFCdevice, may detect signal(s) transmitted between the smart ring 101 andan NFC circuit of the component, indicating that the smart ring 101 iswithin NFC-range of the component.

The component external to the smart ring 101 may be a component of thesecond device which controls access to the resource. For instance, thecomponent may be an NFC circuit within the housing of the second device.As an example, the second device may be the secure access panel 432. Thewearer of the smart ring 101 may perform a gesture with the hand wearingthe smart ring 101 and then perform a bump between the smart ring 101and the secure access panel 432.

In other implementations, the component external to the smart ring 101may be a third device, distinct from and external to the smart ring 101and the second device. For example, the component may be another ring ofthe user (e.g., the ring 424), another device (e.g., the mobile device422, the user device 104, or the mobile device 106), or a hardwaretoken.

At block 616, in response to detecting the contact between the smartring 101 and the component, the smart ring 101 generates a secondsignal, and the smart ring 101 transmits the second signal to the seconddevice at block 618. The signal may be an electromagnetic signal thatcarries information indicating that the smart ring 101 has made contactwith the component. The signal indicates that the particular user hasbeen identified and authenticated as the known user based at least inpart upon the second authentication factor. As in blocks 610 and 612,the controller 140 (or more specifically the processor unit 142) maygenerate the signal at block 616 and the communication unit 160 maytransmit the signal.

The smart ring 101 may perform steps 616 and 618 in response to the factthat the smart ring 101 has contacted the component. In someimplementations, the smart ring 101 may also receive additionalinformation from the component before performing steps 616 and 618. Forinstance, during the contact and/or the proximity of the smart ring 101and the component, the component may communicate an identifier of thecomponent to the smart ring 101. The smart ring 101 may compare thisidentifier to stored identifiers on the memory unit 144 of the smartring 101 or on the memory 109 of the server 107 to determine whether thecomponent is associated with a known user. For example, the identifiermay correspond to a component of a vehicle of the known user, or theidentifier may correspond to a device or token of the known user. Bycomparing the identifier to identifiers of devices associated with theknown user, the smart ring 101 (possibly in conjunction with the server107) can determine that (a) the second device is associated with theknown user, in the case where the component is a component of the seconddevice, or (b) the user is in possession of a component associated withthe known user, in the case where the component is a third device. Inresponse to receiving an identifier associated with the known user, thesmart ring 101 may then perform steps 616-618. The signal transmitted at618 may indicate that the received identifier is associated with theknown user.

In addition, the smart ring 101 may receive a signal from the componentindicating that the component has detected contact with the smart ring101. The smart ring 101 may perform steps 616 and 618 in response toreceiving this signal. In some implementations, the smart ring 101 mayonly perform steps 616 and 618 if the smart ring 101 receives thissignal from the component within a short time period of detecting thecontact with the component (e.g., on the order of 10-30 seconds orless).

At block 620, when the second device receives the first and the secondsignals, the smart ring 101 causes the second device to grant the useraccess to the resource in response to determining that the first andsecond signals indicate that the particular user has been authenticatedbased at least in part upon both the first and second authenticationfactors. As mentioned previously, the second device may grant access tothe resource upon receiving the first and the second signals anddetermining that the first and second signals indicate that theparticular user has been authenticated as a known user, or the seconddevice may need to perform additional processing to determine whetherthe authenticated user is authorized to access the resource.

The resource may be a physical resource or a digital resource. Forexample, in the case where the second device is the secure access panel432, the second device may grant access to a physical space in responseto receiving the first and second signals. In other scenarios, thesecond device may be a computing device, such as the mobile device 422or the personal computer 444. In response to receiving the first and thesecond signals, the computing device may grant the smart ring 101 or theuser access to digital information stored on the computing device oraccessible through the computing device. Still further, the resource maybe control over the second device or a device that the second devicemanages access to. For instance, the second device may manage access tocontrol over a vehicle, a security system, or a computing device.

In the case where the second device is another smart ring 436 worn byanother user, the other smart ring 436 may similarly transmit signals tothe smart ring 101 indicating that the other wearer is an authenticateduser and that the other smart ring 436 has been in contact or proximitywith the smart ring 101. In response to receiving these signals from theother smart ring 436, the smart ring 101 may grant the smart ring 436access to an information resource that the smart ring 101 controlsaccess to, such as digital information stored on the smart ring 101 oron a device paired with the smart ring 101 such as the user device 104,the mobile device 106, or the server 107. The smart ring 101 may, basedat least in part upon the received signals, determine whether theauthenticated user is authorized to access the information resource by,for example, comparing the identity of the authenticated user includedin the signal to known users stored on the smart ring 101 or the server107.

If the smart ring 101 grants access to the smart ring 436, and the smartring 436 has similarly granted the smart ring 101 access within a shortperiod of time (e.g., on the order of seconds or minutes), then tworings 101, 436 may perform or allow an exchange of information betweenthe two rings 101, 436 or devices in communication with the two rings101, 436 and associated with their respective users. Further, the tworings 101, 436 may execute an agreement, such as a contract, between thetwo users. For example, each ring may sign an agreement between the userof the ring and the user of the other ring using an identity of the userof the ring. Such situations may occur, for example, if the two usersperform a secret handshake gesture that either includes a bump is or isperformed directly before or directly after a bump. Each user may alsoperform an individual gesture that does not involve the other user'shand but that is performed either directly before or directly after abump between the two rings.

FIG. 7 illustrates an example method 700 for identifying andauthenticating a user using contact data collected by the smart ring 101indicating a sequence of taps of the smart ring 101 according to oneembodiment. In the example method 700, the smart ring 101 performs anauthentication operation using an authentication factor corresponding toa sequence of taps. In some implementations, the method 700 can begin atblock 702. In other implementations, the method 700 may begin at block706.

At block 702, sensors of the smart ring 101 (e.g., sensor unit 150)detect a sequence of taps of the smart ring 101 during an enrollmentmode or set-up mode of the smart ring 101 by collecting contact data.The smart ring 101 may perform block 702 in a manner similar to blocks602 and 502. The smart ring 101 may enter an enrollment mode in order toregister a new user to utilize the smart ring 101, or to update aprofile of an existing known user of the smart ring 101. During theenrollment mode, a user may provide an identification to the smart ring101 besides the contact data indicating the sequence of taps, in orderfor the smart ring 101 to be associated the detected sequence of tapswith a particular identity. For instance, the user may set up a profileon the smart ring 101 itself or by pairing the smart ring 101 withanother device, such as the mobile device 422 or the mobile device 106.The user may provide a username associated with the user and/or someother suitable form of identification such that the smart ring 101 canassociate the sequence of taps detected during the enrollment mode to anidentified, known user. During the same enrollment mode, the smart ring101 may collect biometric, gestural, and contact data.

While the smart ring 101 is in the enrollment mode, the user can tap thesmart ring in a particular sequence that the user wishes to associatewith their identity. The smart ring 101 may itself prompt the user toperform the sequence of taps (e.g., via output unit 190) or the userdevice 104 or the mobile device 106 paired with the smart ring 101 mayprompt the user. In this way, the smart ring 101 can determine thatcontact data collected directly after the prompt is to be associatedwith a specific sequence of taps. The smart ring 101 may prompt the userto perform the sequence of taps several times in order for the smartring 101 to identify a pattern corresponding to the sequence of taps.

A “tap” corresponds to the smart ring 101 detecting contact with acomponent external to the smart ring 101. Thus, while the sequence oftaps may correspond to a user tapping on the smart ring 101 or a portionof the smart ring 101 (e.g., tapping on the smart ring 101 with a fingerof the user), the sequence of taps may correspond with the user tappingthe smart ring 101 against any object external to the smart ring 101,such as a door, computing device, or other smart ring. The contact dataindicating the sequence of taps may include, for example, acceleration,vibration, and tactile data indicating a tap of the smart ring withanother object. The smart ring 101 may differentiate a deliberate tapfrom background vibration based at least in part upon the contact data.For example, the smart ring 101 may compare the magnitudes of thedetected vibration, acceleration, or force applied to the smart ring 101to threshold magnitudes comparable to background or accidental contact.

Contact that the sensor unit 150 detects as a tap of the sequence oftaps may be physical contact between the smart ring 101 and anotherobject. Multiple taps detected within a short time period (e.g., on theorder of seconds or fractions of a second) may be determined by thesmart ring 101 to belong to the same sequence of taps.

At block 704, the smart ring 101 determines an authentication pattern ofthe identified user based at least in part upon the sequence of tapsdetected during the enrollment mode and stores the authenticationpattern. The smart ring 101 may determine the authentication patternusing the controller 140. Additionally or alternatively, the smart ring101 may communicate all or a portion of the collected contact data tothe server 107, the user device 104, the mobile device 106, the personalcomputer 444, or the mobile device 422, which may in turn perform theanalysis on the contact data to determine the authentication pattern.The authentication pattern corresponds to the pattern of the detectedsequence of taps. The analyzing device (whether it is the smart ring 101or an external device) may determine features of the sequence such as,for example, the rhythm, tempo, frequency, or beat of the taps, or thetime between each tap. The collection of sequence features maycollectively make up the authentication pattern.

In addition to associating the authentication pattern with theidentified user, the smart ring 101 may also associate theauthentication pattern with unlocking a single resource or withunlocking access to multiple resources. For example, if the smart ring101 detects proximity to a second device controlling access to aresource while (or shortly before or after) detecting the sequence oftaps, the smart ring 101 may associate the authentication pattern withthe particular second device. The second device may transmit anidentifier of the second device to the smart ring 101 in order for thesmart ring 101 to associate the authentication pattern with the seconddevice. The second device may transmit the identifier in response to arequest from the smart ring 101, or in response to detecting proximityof the smart ring 101 or contact with the smart ring 101. Alternativelyor additionally, using the user input unit 170 or a paired device, theuser may indicate to the smart ring 101 that the authentication patternis to be associated with unlocking a particular resource or device.

In some implementations, the smart ring 101 may associate theauthentication pattern with the smart ring 101 making contact with aparticular object. For instance, the smart ring 101 may detect that thesequence of taps has been made against a particular second devicecontrolling access to a resource or against a particular component(e.g., the device or component may transmit an identifier to the smartring 101).

In any case, the smart ring 101 associates the authentication patternwith the particular identified user. As an example, the smart ring 101may collect contact data during the enrollment mode while the userperforms taps the smart ring 101 against an object in a unique patternknown only to the user. The smart ring 101 detects the sequence of tapsbased at least in part upon the contact data. The analyzing device candetermine the specific pattern corresponding to the sequence of taps,and classify this specific pattern as an authentication patternassociated with the identified user. This specific pattern can then bestored as an authentication pattern.

The analyzing device itself may store the authentication pattern. Insome implementations, the analyzing device may communicate theauthentication pattern to the smart ring 101, and the smart ring 101 maystore the authentication pattern on the memory unit 144. Alternativelyor in addition, the analyzing device may communicate the authenticationpattern to the server 107, which may function as an authenticationserver, as mentioned previously.

At block 706, sensors of the smart ring 101 collect, outside theenrollment mode, contact data indicating a sequence of taps between thesmart ring 101 and a component external to the smart ring. The smartring 101 may constantly collect contact data in order to detect when auser deliberately taps the smart ring 101 against an object in apattern. Alternatively or additionally, the smart ring 101 may collectcontact data in response to a request from the user made using the userinput unit 170. For example, the user may indicate to the smart ring 101that the smart ring 101 should authenticate the user as a known user sothat the user may access a particular resource. Still further, the smartring 101 may collect the contact data in response to receiving a signalfrom a second device external to the smart ring 101. The second devicecontrols access to a physical or digital resource. For example, thesecond device may correspond to the secure access panel 432 controllingaccess to a physical resource. As another example, the second device maybe a device that controls access to digital information, such as themobile device 422, the server 442, the personal computer 444, or anothersmart ring 436 or other wearable device worn by another user. When thesmart ring 101 is in proximity to the second device, the second devicemay transmit a signal to the smart ring 101 indicating that the smartring 101 should authenticate the user of the smart ring 101 in order toaccess the resource. The smart ring 101 may indicate to the user (e.g.,via the output unit 190) that the user should perform an authenticationpattern in order to authenticate themselves.

The sensor unit 150 detects the sequence of taps corresponding to thecandidate pattern in a manner analogous to how the sensor unit 150detects the sequence of taps corresponding to the authentication patternwhile the smart ring 101 is in an enrollment mode. The user may causethe smart ring 101 to come into contact with a physical body part of theuser (e.g., the user may tap the smart ring 101 with a finger), or withanother component external to the smart ring 101 (e.g., the user may tapthe smart ring 101 against another object). The component may be acomponent of the second device which controls access to the resource.For instance, the second device may be the secure access panel 432. Thewearer of the smart ring 101 may perform a sequence of taps with thesmart ring 101 against the secure access panel 432. In otherimplementations, the component external to the smart ring 101 may be athird device or object, distinct from and external to the smart ring 101and the second device. For example, the component may be another ring ofthe user (e.g., the ring 424), another device (e.g., the mobile device422, the user device 104, the mobile device 106, another smart ring436), or a hardware token. The component could also be a non-electronicobject, such as a door (e.g., a user could perform a sequence of tapsagainst a door corresponding to a coded or secret knock).

The smart ring 101 (or a separate analyzing device, in a manneranalogous to block 704) can determine that the sequence of tapscorresponds to a candidate pattern. At blocks 708 and 710, the smartring performs an authentication operation by (i) comparing the candidatepattern to an authentication pattern for a known user to determinewhether the candidate pattern matches the authentication pattern (block708), and (ii) when the candidate pattern matches the authenticationpattern, authenticating the particular user by updating a record toindicate that the particular user has been identified and authenticatedas the known user (block 710).

More particularly, at block 708, the smart ring 101 compares thecandidate pattern collected and determined at block 706 to anauthentication pattern for a known user to determine whether thecandidate pattern matches the authentication pattern. If optional steps702 and 704 have not been performed, the smart ring 101 may compare thecandidate pattern to authentication patterns included in a generaldatabase of authentication patterns for known individuals storedexternally, such as at the server 107. In implementations where steps702 and 704 have been performed, then the candidate pattern is comparedto the authentication pattern collected while the smart ring 101 was inan enrollment mode. The authentication pattern may be stored at thesmart ring 101, such as in the memory unit 144, or may be stored on anexternal device, such as the server 107, the user device 104, the mobiledevice 106, the personal computer 444, or the mobile device 422. Inimplementations where the authentication pattern is stored at a deviceexternal to the smart ring 101, the smart ring 101 may communicate allor a portion of the collected contact data to the external device tofacilitate comparison between the candidate pattern and theauthentication pattern.

The external device or the smart ring 101 then compares the candidatepattern to the stored authentication pattern. The stored authenticationpattern is associated with a previously identified, known user. If thesmart ring 101 causes the external device to perform the comparison, theexternal device can communicate the results of the comparison to thesmart ring 101.

The candidate pattern and the stored authentication pattern may not needto match exactly. The smart ring 101 can determine that the candidatepattern and the stored authentication pattern match if the features ofthe sequences of taps or the contact data corresponding to the sequencesof taps are similar within a tolerance or suitable threshold. A suitablethreshold may be, for example, based at least in part upon theuncertainty of the contact data measurements made by the sensor unit150, or on the precision of the human mind in performing atime-dependent rhythm.

At block 710, when the candidate pattern matches the authenticationpattern, the smart ring 101 authenticates the user by updating a recordto indicate that the user has been identified and authenticated as theknown user associated with the authentication pattern. If the collectedcandidate pattern matches the authentication pattern, then the smartring 101 has both (1) identified the particular user as the known userassociated with the authentication pattern, and (2) authenticated theparticular user to actually be the known user associated with theauthentication pattern.

The smart ring 101 updates the record by recording in the memory unit144 an indication of the positive match between the collected candidategesture and the authentication pattern. The smart ring 101 may updatethe record in a manner similar to block 510, for example. The record maycorrespond to a location in the memory unit 144 that devices external tothe smart ring 101 and/or components internal to the smart ring 101,such as the processor unit 142, can query to determine whether the useris authenticated. Alternatively or in addition, whenever the controller140 determines that the record has been updated to reflect than anauthentication operation has been performed, the controller 140 cancommunicate this update to devices and/or components external orinternal to the smart ring 101.

The update to the record may indicate why the smart ring 101 determinedthat the user has been authenticated (e.g., the record may indicate thatthe candidate pattern matched an authentication pattern), or the updateto the record may indicate that the current wearer of the ring is anauthenticated user, e.g., that the smart ring 101 is in an authenticatedstate. If the sensor unit 150 determines that the user has removed thering 101 from their finger, then the smart ring 101 may update therecord to indicate that the smart ring 101 is no longer in anauthenticated state.

At block 712, in response to the record indicating that the particularhas been identified and authenticated, the smart ring 101 transmits asignal to a second device that controls access to a resource. The signalindicates that the user has been identified and authenticated as a knownuser. Similar to the update to the record, the signal may indicate whythe smart ring 101 determined that the user has been authenticated(e.g., the signal may indicate that the user has been authenticatedbased at least in part upon matching a candidate pattern to anauthentication pattern of a known user). The signal may also indicate anidentity of the known user (e.g., a username or a name of the knownuser) and/or an identifier of the smart ring 101. It is understood thatin other example methods, additional authentication operations may beperformed by the smart ring prior to transmitting the signal at block712, or prior to receiving access to the resource at block 714.

In some implementations, the smart ring 101 may determine that the knownuser is a user that is authorized to access the resource. The smart ring101 may determine whether a user is authorized based at least in partupon information stored in the memory unit 144 indicating what resourcescan be accessed by known users. The smart ring 101 may also determinewhether a user is authorized by communicating with the second device orwith another external device such as the server 107. If the smart ring101 determines that the known user is authorized to access the resource,then the signal may also indicate that the authenticated user isauthorized. Further, the smart ring 101 may only transmit the signal inresponse to determining that the authenticated user is authorized.

Additionally or alternatively, the signal may indicate that the user hasbeen identified and authenticated as a known user based at least in partupon an authentication factor corresponding to an authenticationpattern, but may not indicate whether that known user is authorized toaccess the resource. In such implementations, the second device, basedat least in part upon the signal, determines whether the known user is auser that is authorized to access the resource.

In any case, the signal may be generated by the controller 140 or, morespecifically, by the processor unit 142. The signal may be anelectromagnetic signal that carries information indicating that the userhas been authenticated. The generated signal may be transmitted to thesecond device by the communication unit 160.

In some implementations, the smart ring 101 may also receive additionalinformation from the component that the smart ring 101 has contacted orfrom the second device controlling access to the resource beforeupdating the record at 710 or transmitting the signal at 712. Forinstance, during the sequence of taps is and/or the proximity of thesmart ring 101 and the component, the component may communicate anidentifier of the component to the smart ring 101. The authenticationpattern may be associated with the identifier (as noted above withrespect to block 704) such that the pattern must be performed againstthe particular component in order for the smart ring 101 to authenticatethe user based at least in part upon the authentication pattern.

As another example, the smart ring 101 may receive an identifier fromthe second device that controls access to the resource (which may or maynot include the component that the smart ring 101 came into contactwith) when the smart ring 101 is in proximity of the second device. Theauthentication pattern may be associated with the second device (asnoted above with respect to block 704) such that the authenticationpattern only serves to authorize the authenticated user to access theresource controlled by the second device.

At block 714, when the second device receives the signal transmitted bythe smart ring 101 at block 712, the smart ring 101 causes the seconddevice to grant the user access to the resource in response todetermining that the signal indicates that the particular user has beenauthenticated. As mentioned previously, the second device may grantaccess to the resource upon receiving the signal, or the second devicemay need to perform additional processing to determine whether theauthenticated user is authorized to access the resource.

As discussed with reference to block 620, the resource may be a physicalresource or a digital resource. For example, in the case where thesecond device is the secure access panel 432, the second device maygrant access to a physical space in response to receiving the signal. Inother scenarios, the second device may be a computing device, such asthe mobile device 422 or the personal computer 444. In response toreceiving the signal, the computing device may grant the smart ring 101or the user access to digital information stored on the computing deviceor accessible through the computing device. Still further, the resourcemay be control over the second device or a device that the second devicemanages access to. For instance, the second device may manage access tocontrol over a vehicle, a security system, or a computing device. Thesecond device may also be another smart ring 436 worn by another user,as discussed with reference to FIG. 6 .

Examples of Other Considerations

When implemented in software, any of the applications, services, andengines described herein may be stored in any tangible, non-transitorycomputer readable memory such as on a magnetic disk, a laser disk, solidstate memory device, molecular memory storage device, or other storagemedium, in a RAM or ROM of a computer or processor, etc. Although theexample systems disclosed herein are disclosed as including, among othercomponents, software or firmware executed on hardware, it should benoted that such systems are merely illustrative and should not beconsidered as limiting. For example, it is contemplated that any or allof these hardware, software, and firmware components could be embodiedexclusively in hardware, exclusively in software, or in any combinationof hardware and software. Accordingly, while the example systemsdescribed herein are described as being implemented in software executedon a processor of one or more computer devices, persons of ordinaryskill in the art will readily appreciate that the examples provided arenot the only way to implement such systems.

The described functions may be implemented, in whole or in part, by thedevices, circuits, or routines of the system 100 shown in FIG. 1 . Eachof the described methods may be embodied by a set of circuits that arepermanently or semi-permanently configured (e.g., an ASIC or FPGA) toperform logical functions of the respective method or that are at leasttemporarily configured (e.g., one or more processors and a setinstructions or routines, representing the logical functions, saved to amemory) to perform the logical functions of the respective method.

While the present disclosure has been described with reference tospecific examples, which are intended to be illustrative only and not tobe limiting of the present disclosure, it will be apparent to those ofordinary skill in the art that changes, additions or deletions may bemade to the disclosed embodiments without departing from the spirit andscope of the present disclosure.

Throughout this specification, plural instances may implementcomponents, operations, or structures described as a single instance.Although individual operations of one or more methods are illustratedand described as separate operations, one or more of the individualoperations may be performed concurrently in certain embodiments.

As used herein, any reference to “one embodiment” or “an embodiment”means that a particular element, feature, structure, or characteristicdescribed in connection with the embodiment is included in at least oneembodiment. The appearances of the phrase “in one embodiment” in variousplaces in the specification may not be all referring to the sameembodiment.

As used herein, the terms “comprises,” “comprising,” “includes,”“including,” “has,” “having” or any other variation thereof, areintended to cover a non-exclusive inclusion. For example, a process,method, article, or apparatus that comprises a list of elements may notbe limited to only those elements but may include other elements notexpressly listed or inherent to such process, method, article, orapparatus. Further, unless expressly stated to the contrary, “or” refersto an inclusive “or” and not to an exclusive “or.” For example, acondition A or B is satisfied by any one of the following: A is true (orpresent) and B is false (or not present), A is false (or not present)and B is true (or present), and both A and B are true (or present).

In addition, use of the “a” or “an” are employed to describe elementsand components of the embodiments herein. Generally speaking, when asystem or technique is described as including “a” part or “a” step, thesystem or technique should be read to include one or at least one partor step. Said another way, for example, a system described as includinga blue widget may include multiple blue widgets in some implementations(unless the description makes clear that the system includes only oneblue widget).

Throughout this specification, some of the following terms and phrasesare used.

Communication Interface according to some embodiments: Some of thedescribed devices or systems include a “communication interface”(sometimes referred to as a “network interface”). A communicationinterface enables the system to send information to other systems and toreceive information from other systems, and may include circuitry forwired or wireless communication.

Each described communication interface or communications unit (e.g.,communications unit 160) may enable the device of which it is a part toconnect to components or to other computing systems or servers via anysuitable network, such as a personal area network (PAN), a local areanetwork (LAN), or a wide area network (WAN). In particular, thecommunication unit 160 may include circuitry for wirelessly connectingthe smart ring 101 to the user device 104 or the network 105 inaccordance with protocols and standards for NFC (operating in the 13.56MHz band), RFID (operating in frequency bands of 125-134 kHz, 13.56 MHz,or 856 MHz to 960 MHz), Bluetooth (operating in a band of 2.4 to 2.485GHz), Wi-Fi Direct (operating in a band of 2.4 GHz or 5 GHz), or anyother suitable communications protocol or standard that enables wirelesscommunication.

Communication Link according to some embodiments. A “communication link”or “link” is a pathway or medium connecting two or more nodes. A linkbetween two end-nodes may include one or more sublinks coupled togethervia one or more intermediary nodes. A link may be a physical link or alogical link. A physical link is the interface or medium(s) over whichinformation is transferred, and may be wired or wireless in nature.Examples of physicals links may include a cable with a conductor fortransmission of electrical energy, a fiber optic connection fortransmission of light, or a wireless electromagnetic signal that carriesinformation via changes made to one or more properties of anelectromagnetic wave(s).

A logical link between two or more nodes represents an abstraction ofthe underlying physical links or intermediary nodes connecting the twoor more nodes. For example, two or more nodes may be logically coupledvia a logical link. The logical link may be established via anycombination of physical links and intermediary nodes (e.g., routers,switches, or other networking equipment).

A link is sometimes referred to as a “communication channel.” In awireless communication system, the term “communication channel” (or just“channel”) generally refers to a particular frequency or frequency band.A carrier signal (or carrier wave) may be transmitted at the particularfrequency or within the particular frequency band of the channel. Insome instances, multiple signals may be transmitted over a singleband/channel. For example, signals may sometimes be simultaneouslytransmitted over a single band/channel via different sub-bands orsub-channels. As another example, signals may sometimes be transmittedvia the same band by allocating time slots over which respectivetransmitters and receivers use the band in question.

Memory and Computer-Readable Media according to some embodiments.Generally speaking, as used herein the phrase “memory” or “memorydevice” refers to a system or device (e.g., the memory unit 144)including computer-readable media (“CRM”). “CRM” refers to a medium ormedia accessible by the relevant computing system for placing, keeping,or retrieving information (e.g., data, computer-readable instructions,program modules, applications, routines, etc.). Note, “CRM” refers tomedia that is non-transitory in nature, and does not refer todisembodied transitory signals, such as radio waves.

The CRM may be implemented in any technology, device, or group ofdevices included in the relevant computing system or in communicationwith the relevant computing system. The CRM may include volatile ornonvolatile media, and removable or non-removable media. The CRM mayinclude, but is not limited to, RAM, ROM, EEPROM, flash memory, or othermemory technology, CD-ROM, digital versatile disks (DVD) or otheroptical disk storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other medium which canbe used to store information, and which can be accessed by the computingsystem. The CRM may be communicatively coupled to a system bus, enablingcommunication between the CRM and other systems or components coupled tothe system bus. In some implementations the CRM may be coupled to thesystem bus via a memory interface (e.g., a memory controller). A memoryinterface is circuitry that manages the flow of data between the CRM andthe system bus.

Network according to some embodiments. As used herein and unlessotherwise specified, when used in the context of system(s) or device(s)that communicate information or data, the term “network” (e.g., thenetworks 105 and 440) refers to a collection of nodes (e.g., devices orsystems capable of sending, receiving or forwarding information) andlinks which are connected to enable telecommunication between the nodes.

Each of the described networks may include dedicated routers responsiblefor directing traffic between nodes, and, optionally, dedicated devicesresponsible for configuring and managing the network. Some or all of thenodes may be also adapted to function as routers in order to directtraffic sent between other network devices. Network devices may beinter-connected in a wired or wireless manner, and network devices mayhave different routing and transfer capabilities. For example, dedicatedrouters may be capable of high volume transmissions while some nodes maybe capable of sending and receiving relatively little traffic over thesame period of time. Additionally, the connections between nodes on anetwork may have different throughput capabilities and differentattenuation characteristics. A fiberoptic cable, for example, may becapable of providing a bandwidth several orders of magnitude higher thana wireless link because of the difference in the inherent physicallimitations of the medium. If desired, each described network mayinclude networks or sub-networks, such as a local area network (LAN) ora wide area network (WAN).

Node according to some embodiments. Generally speaking, the term “node”refers to a connection point, redistribution point, or a communicationendpoint. A node may be any device or system (e.g., a computer system)capable of sending, receiving or forwarding information. For example,end-devices or end-systems that originate or ultimately receive amessage are nodes. Intermediary devices that receive and forward themessage (e.g., between two end-devices) are also generally considered tobe “nodes.”

Processor according to some embodiments. The various operations ofexample methods described herein may be performed, at least partially,by one or more processors (e.g., the one or more processors in theprocessor unit 142). Generally speaking, the terms “processor” and“microprocessor” are used interchangeably, each referring to a computerprocessor configured to fetch and execute instructions stored to memory.By executing these instructions, the processor(s) can carry out variousoperations or functions defined by the instructions. The processor(s)may be temporarily configured (e.g., by instructions or software) orpermanently configured to perform the relevant operations or functions(e.g., a processor for an Application Specific Integrated Circuit, orASIC), depending on the particular embodiment. A processor may be partof a chipset, which may also include, for example, a memory controlleror an I/O controller. A chipset is a collection of electronic componentsin an integrated circuit that is typically configured to provide 1/O andmemory management functions as well as a plurality of general purpose orspecial purpose registers, timers, etc. Generally speaking, one or moreof the described processors may be communicatively coupled to othercomponents (such as memory devices and I/O devices) via a system bus.

The performance of certain of the operations may be distributed amongthe one or more processors, not only residing within a single machine,but deployed across a number of machines. In some example embodiments,the processor or processors may be located in a single location (e.g.,within a home environment, an office environment or as a server farm),while in other embodiments the processors may be distributed across anumber of locations.

Words such as “processing,” “computing,” “calculating,” “determining,”“presenting,” “displaying,” or the like may refer to actions orprocesses of a machine (e.g., a computer) that manipulates or transformsdata represented as physical (e.g., electronic, magnetic, or optical)quantities within one or more memories (e.g., volatile memory,non-volatile memory, or a combination thereof), registers, or othermachine components that receive, store, transmit, or displayinformation.

Although specific embodiments of the present disclosure have beendescribed, it will be understood by those of skill in the art that thereare other embodiments that are equivalent to the described embodiments.Accordingly, it is to be understood that the present disclosure is notto be limited by the specific illustrated embodiments.

1. A method performed by a smart ring, the method comprising:collecting, by one or more sensors of the smart ring, a heartbeatpattern of a particular user while the particular user is wearing thesmart ring, wherein the heartbeat pattern includes physical movementdata; performing an authentication operation by: comparing the heartbeatpattern to a biometric signature for a known user to determine whetherthe heartbeat pattern matches the biometric signature; and when theheartbeat pattern matches the biometric signature, authenticating theparticular user as the known user by updating a record; and respondingto the updated record by digitally signing transaction data using aprivate cryptographic key stored on a memory of the smart ring.
 2. Themethod of claim 1, further comprising: before collecting the heartbeatpattern of the particular user, collecting, by the one or more sensorsof the smart ring, initial biometric data of the known user while theknown user is wearing the smart ring and while the smart ring isoperating in an enrollment mode; and determining the biometric signaturefor the known user based at least in part upon the initial biometricdata.
 3. The method of claim 2, further comprising: storing thebiometric signature for the known user on the memory of the smart ring;and wherein comparing the heartbeat pattern to the biometric signaturefor the known user comprises: comparing the heartbeat pattern to thebiometric signature for the known user stored on the memory of the smartring.
 4. The method of claim 2, further comprising: transmitting, via acommunication interface of the smart ring, at least a portion of theinitial biometric data to a computing device external to the smart ring,wherein transmitting the at least a portion of the initial biometricdata causes the computing device to determine the biometric signaturefor the known user based at least in part upon the initial biometricdata; and wherein comparing the heartbeat pattern to the biometricsignature for the known user comprises: transmitting, via thecommunication interface, an indication of the heartbeat pattern to thecomputing device, wherein transmitting the indication causes thecomputing device to compare the collected heartbeat pattern to thebiometric signature; and receiving, from the computing device via thecommunication interface, an indication that the heartbeat patternmatches the biometric signature.
 5. The method of claim 1, wherein: theone or more sensors include an inertial measurement unit (IMU); theheartbeat pattern is included in biometric data that further includesacceleration data collected by the IMU and corresponding to a walkinggait of the user; the biometric signature is a first biometric signatureassociated with a heartbeat pattern of the known user; and performingthe authentication operation further comprises: comparing the biometricdata to a second biometric signature for the known user associated witha walking gait pattern of the known user to determine whether thebiometric data matches the second biometric signature; and when thebiometric data matches the first biometric signature and the secondbiometric signature, authenticating the particular user as the knownuser by updating the record.
 6. The method of claim 1, furthercomprising: collecting, by the one or more sensors of the smart ring,gestural data corresponding to ring movement while the particular useris wearing the smart ring, wherein the gestural data includes motiondata and orientation data; and wherein performing the authenticationoperation further comprises: comparing the gestural data to anauthentication gesture for the known user to determine whether thegestural data matches the authentication gesture; and when both theheartbeat pattern matches the biometric signature and the gestural datamatches the authentication gesture, authenticating the particular useras the known user by updating the record.
 7. The method of claim 1,wherein the heartbeat pattern further includes an electrocardiogram(ECG) of the particular user, and wherein comparing the heartbeatpattern to the biometric signature for the known user comprises:comparing the ECG of the particular user to the biometric signature ofthe known user, the biometric signature of the known user including anECG of the known user or a plurality of parameters of an ECG of theknown user.
 8. The method of claim 1, wherein responding to the updatedrecord further comprises: generating the private cryptographic key;storing the generated private cryptographic key on the memory of thesmart ring; and digitally signing the transaction data using thegenerated private cryptographic key.
 9. The method of claim 1, whereinthe transaction data are a smart contract that at least one of: isdeployed on a blockchain or the user is deploying to a blockchain. 10.The method of claim 1, wherein the transaction data relates to acryptocurrency transaction.
 11. A smart ring, the smart ring comprising:a housing configured to be worn by a user on a finger of the user; oneor more sensors included in the housing of the smart ring and configuredto collect a heartbeat pattern of a particular user while the particularuser is wearing the smart ring, wherein the heartbeat pattern includesphysical movement data; a memory included in the housing of the smartring; and a processor included in the housing of the smart ring andconfigured to: perform an authentication operation by: comparing theheartbeat pattern to a biometric signature for a known user to determinewhether the heartbeat pattern matches the biometric signature; and whenthe heartbeat pattern matches the biometric signature, authenticatingthe particular user as the known user by updating a record; and respondto the updated record by digitally signing transaction data using aprivate cryptographic key stored on the memory of the smart ring. 12.The smart ring of claim 11, wherein the one or more sensors are furtherconfigured to collect initial biometric data of the known user while theknown user is wearing the smart ring and while the smart ring isoperating in an enrollment mode.
 13. The smart ring of claim 12, whereinthe processor is further configured to: determine the biometricsignature for the known user based at least in part upon the initialbiometric data; store the biometric signature on the memory of the smartring; and compare the heartbeat pattern to the biometric signature forthe known user by comparing the heartbeat pattern to the biometricsignature for the known user stored on the memory of the smart ring. 14.The smart ring of claim 12, wherein the smart ring further includes acommunication interface, and wherein the processor is further configuredto: transmit, via the communication interface, at least a portion of theinitial biometric data to a computing device external to the smart ring,wherein transmitting the at least a portion of the initial biometricdata causes the computing device to determine the biometric signaturefor the known user based at least in part upon the initial biometricdata; and compare the heartbeat pattern to the biometric signature forthe known user by: transmitting, via the communication interface, anindication of the heartbeat pattern to the computing device, whereintransmitting the indication causes the computing device to compare thecollected heartbeat pattern to the biometric signature; and receiving,from the computing device via the communication interface, an indicationthat the heartbeat pattern matches the biometric signature.
 15. Thesmart ring of claim 11, wherein: the one or more sensors include aninertial measurement unit (IMU); the heartbeat pattern is included inbiometric data that further includes acceleration data collected by theIMU and corresponding to a walking gait of the user; the biometricsignature is a first biometric signature associated with a heartbeatpattern of the known user; and the processor is further configured toperform the authentication operation by: comparing the biometric data toa second biometric signature for the known user associated with awalking gait pattern of the known user to determine whether thebiometric data matches the second biometric signature; and when thebiometric data matches the first biometric signature and the secondbiometric signature, authenticating the particular user as the knownuser by updating the record.
 16. The smart ring of claim 11, wherein:the one or more sensors are further configured to collect gestural datacorresponding to ring movement while the particular user is wearing thesmart ring, wherein the gestural data includes motion data andorientation data; and the processor is further configured to perform theauthentication operation by: comparing the gestural data to anauthentication gesture for the known user to determine whether thegestural data matches the authentication gesture; and when both theheartbeat pattern matches the biometric signature and the gestural datamatches the authentication gesture, authenticating the particular userby updating the record to indicate that the particular user has beenidentified and authenticated as the known user.
 17. The smart ring ofclaim 11, wherein the heartbeat pattern further includes anelectrocardiogram (ECG) of the particular user, and wherein theprocessor is further configured to compare the heartbeat pattern to thebiometric signature for the known user by: comparing the ECG of theparticular user to the biometric signature of the known user, thebiometric signature of the known user including an ECG of the known useror a plurality of parameters of an ECG of the known user.
 18. The smartring of claim 11, wherein the processor is further configured to respondto the updated record by: generating the private cryptographic key;storing the generated private cryptographic key on the memory of thesmart ring; and digitally signing the transaction data using thegenerated private cryptographic key.
 19. The smart ring of claim 11,wherein the transaction data are a smart contract that at least one of:is deployed on a blockchain or the user is deploying to a blockchain.20. The smart ring of claim 11, wherein the transaction data relates toa cryptocurrency transaction.